{ "reportSchema": "1.1", "scanInfo": { "engineVersion": "5.2.4", "dataSource": [ { "name": "NVD CVE Checked", "timestamp": "2020-03-12T07:19:47" }, { "name": "NVD CVE Modified", "timestamp": "2020-03-12T05:02:12" }, { "name": "VersionCheckOn", "timestamp": "2020-02-20T10:57:54" } ] }, "projectInfo": { "name": "", "reportDate": "2020-03-12T07:20:20.370690Z", "credits": { "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" } }, "dependencies": [ { "isVirtual": false, "fileName": "merge_cells.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/js/merge_cells.js", "md5": "7f9655fcf059c80b83f62569a97b3d79", "sha1": "e8612ea733ccd1fd80c03693a096de88d1dc14c3", "sha256": "58cfdf22d4ed08c25775de2c87e37cce0dd7ccf3d95139ccc520a24af7514928", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/insertdatetime/editor_plugin.js", "md5": "d99072498466cdb2f53ed7c02da85982", "sha1": "c94b35644717c9228015f3dcb0b9358c3a373553", "sha256": "48fb10a80c6649258719b7e3ffd401b7a4b4c0daa2dd1cec22547088bab28b72", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ro-RO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ro-RO.js", "md5": "6c9c0284d30dd51fcdc2a0fb5a5b9ab0", "sha1": "440b36d80b0e5c45e3446365efc1b387c5b1103e", "sha256": "4f111c0714321201f02a96710ad3273cffa896a0068f7506e7d3e2d8f8c044eb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "loader-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-base.js", "md5": "8edc7b6778ede2dc84b4a071ed34eda3", "sha1": "10ace887a9103e2e4ac92df4747b5cb921fee707", "sha256": "01e727d95dd6ad4fda7e7a4c0e412d14dd8095e875cc6d6c3a4c39c6efddcc4c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_el.js", "md5": "72c2048ef8a2fb8a8fbb99d3106e42fd", "sha1": "bfab9a412fb1cd011b61ba6f3019df79fb313b28", "sha256": "a6159d55c3c56a6188ad080c61f37709f5d4951cf85050c70bcd55f552167808", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.contextmenu.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.contextmenu.js", "md5": "5d04ea81a591c3cd81ec74c3a49457fe", "sha1": "f450e81f769c7581a8025e00743be529008b4689", "sha256": "b0aa7b50d6c2864778b8e8a7b2d0804a72af35c1c19d4ba37f6f0c27d504e907", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-local.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-local.js", "md5": "c7d7fac69be58a308a1974aaeb8c3332", "sha1": "b5ef74bda369ff6b3bf9b0fa493dc35d7e57171f", "sha256": "bcdf5213c3e0a894ff324669913c3f6c4a319c4a5a5f09f7a3af8d750eecf239", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-local-min.js", "sha256": "bcdf5213c3e0a894ff324669913c3f6c4a319c4a5a5f09f7a3af8d750eecf239", "sha1": "b5ef74bda369ff6b3bf9b0fa493dc35d7e57171f", "md5": "c7d7fac69be58a308a1974aaeb8c3332" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-local-min.js", "sha256": "bcdf5213c3e0a894ff324669913c3f6c4a319c4a5a5f09f7a3af8d750eecf239", "sha1": "b5ef74bda369ff6b3bf9b0fa493dc35d7e57171f", "md5": "c7d7fac69be58a308a1974aaeb8c3332" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sortable-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable-min.js", "md5": "588b4e43059da1e189c74dd0e304ad55", "sha1": "ed18c7841cdecc4720dadaa08f6b6ab2e514f15c", "sha256": "8cf69b8439a7e01ff557a7e2d6cd5ecc8e7e4adae436671ccffb978de4ec7400", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable.js", "sha256": "8cf69b8439a7e01ff557a7e2d6cd5ecc8e7e4adae436671ccffb978de4ec7400", "sha1": "ed18c7841cdecc4720dadaa08f6b6ab2e514f15c", "md5": "588b4e43059da1e189c74dd0e304ad55" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/sortable/sortable-min.js", "sha256": "8cf69b8439a7e01ff557a7e2d6cd5ecc8e7e4adae436671ccffb978de4ec7400", "sha1": "ed18c7841cdecc4720dadaa08f6b6ab2e514f15c", "md5": "588b4e43059da1e189c74dd0e304ad55" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.iframe-auto-height.plugin.1.9.3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/jquery.iframe-auto-height.plugin.1.9.3.js", "md5": "eca62fdb5373049723a1bd397a53dbe0", "sha1": "9c433478469f3a7d864cd9a08836ba1624f3f940", "sha256": "aee5afbbf7a5bc80dd8b7a217fe55dc099b6153a704bb7664215ce9f2c806d45", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "transition-native.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition-native.js", "md5": "a3d282fad6dca511268d207c4415dacb", "sha1": "254dc44bbb6d3ba70931c31734422bb160a0111c", "sha256": "b3649a31af168753cac9c9af68b8acb2debef98c1a915ae6d46882ab6441e2ac", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition-native-min.js", "sha256": "b3649a31af168753cac9c9af68b8acb2debef98c1a915ae6d46882ab6441e2ac", "sha1": "254dc44bbb6d3ba70931c31734422bb160a0111c", "md5": "a3d282fad6dca511268d207c4415dacb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/transition/transition-native-min.js", "sha256": "b3649a31af168753cac9c9af68b8acb2debef98c1a915ae6d46882ab6441e2ac", "sha1": "254dc44bbb6d3ba70931c31734422bb160a0111c", "md5": "a3d282fad6dca511268d207c4415dacb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-number-parse.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-number-parse.js", "md5": "97e786013ec9d06a3bd6f492da8340c9", "sha1": "f599bc4e9944fbc1c0e05a8a675aaed055bc36ed", "sha256": "6502fce2af290fcadd0c5c629d99df1a8f43ae479a1a52dd2b2b8401f527e2b4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-MY.js", "md5": "ebf37204facec764f1226b71f1d5f256", "sha1": "0a20a7ba40440d2621d263a84f9501a5fbde1ec3", "sha256": "1dcbfe4895acc2178dfa0716c37fb144e681effdeaecefdd51c7b5808d9b1f11", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarYUILoader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/sugarwidgets/SugarYUILoader.js", "md5": "ae5b3b77eacc4c1fd18e137240b53399", "sha1": "2da2aac329d8f17069d00fe2496f2be46284c80a", "sha256": "c523d6d45e56e43b10bb2bef3d0941d002636027f6b07cdf49241e9993a5e7e4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-polling-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-polling-min.js", "md5": "b3e59e37018ef2612eda7e37f5293f1c", "sha1": "c828fc22fbbd87da848bb9873a59d40742e333ee", "sha256": "ec4a183237c9e47e89475a450015e81e87a06dae0f1638810c49e712e3edbde0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-polling-min.js", "sha256": "ec4a183237c9e47e89475a450015e81e87a06dae0f1638810c49e712e3edbde0", "sha1": "c828fc22fbbd87da848bb9873a59d40742e333ee", "md5": "b3e59e37018ef2612eda7e37f5293f1c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-polling.js", "sha256": "ec4a183237c9e47e89475a450015e81e87a06dae0f1638810c49e712e3edbde0", "sha1": "c828fc22fbbd87da848bb9873a59d40742e333ee", "md5": "b3e59e37018ef2612eda7e37f5293f1c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.key.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.key.js", "md5": "776ea652ff7cb8043c7d0a7bd9c06887", "sha1": "8e402d2df338aa12b73b3c71cf2f1fba786b8559", "sha256": "9a5204577d3fb5b7082f5095f9023f55296bb7d0089fe1efb32e8036246e5cd5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_it.js", "md5": "a8fb7763eacfa1390dba19df93fa7c57", "sha1": "87ba28b1fecd3294d4092a1476e357fb7034556f", "sha256": "dec5981d916078a990421f26ae900b4c5f3f2237092e7877347da239adc6007a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "popup_helper.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/popup_helper.js", "md5": "3fea89eee621ca6f69e65568111baa15", "sha1": "e95588c3755b3e347233146308fb3d057f9e9ba3", "sha256": "6ca51df0bb2b03c4edf36fd5e691c91074ee437ffa2e3823550b6711dd45c20b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget.js", "md5": "198de37804e4b98b996971c36af87e5f", "sha1": "b9ba4ab9861a684b7cf5a6fa45457c0ef5f649b9", "sha256": "a8c0337643a87fdcf0e2d3c833b5b3c7f4e1c06d329d77e09b1f07772ed5744c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "tabview-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/tabview/tabview-plugin-min.js", "md5": "df91287276470a1dbc09c7176a304bce", "sha1": "346d1efd69df4565ccebabaa2031abd59a1b02c1", "sha256": "aee41f5429b6a8a2e29af86114469eb3a919d4a4b8406d22b411a897d2019655", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview-plugin-min.js", "sha256": "aee41f5429b6a8a2e29af86114469eb3a919d4a4b8406d22b411a897d2019655", "sha1": "346d1efd69df4565ccebabaa2031abd59a1b02c1", "md5": "df91287276470a1dbc09c7176a304bce" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview-plugin.js", "sha256": "aee41f5429b6a8a2e29af86114469eb3a919d4a4b8406d22b411a897d2019655", "sha1": "346d1efd69df4565ccebabaa2031abd59a1b02c1", "md5": "df91287276470a1dbc09c7176a304bce" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.resizing.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.resizing.js", "md5": "2d1f93314543e405370f7ed0814657b6", "sha1": "869a129620154a9a3515dee83a4c93791db0a12f", "sha256": "d0e57168868cface73814cbbedd9fa0aaa18c6bdb2b5a658bcf1c950aa235cc5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/fullpage/editor_plugin_src.js", "md5": "96b66213d03d2c1802cd4e067be4d408", "sha1": "9924cd46d46a2dfe7cf0f097ec80414acfe3f8fa", "sha256": "3c19042affd3a0ae8d0326f0f85492569755511dcc9ee523fa5434ef671ed01e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "suitespots.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/suitespots/suitespots.js", "md5": "8050bee2aaac2a0417a63d2ac8c0ed3f", "sha1": "4cf57c5b40bc37667c519bcd38f17883560cdc7f", "sha256": "d3ab10cb33171b50f784692874529e45e3c9ea773e149801bce04eeb02fb1eec", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "actionComputeField.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOW_Actions/actions/actionComputeField.js", "md5": "2f39d2288a3dbe7dc85b3b185ce1fdc5", "sha1": "32852c78eac88673a77d155c0f9e1ee60adf077b", "sha256": "13e5e02000649aca8809133064fbf7c7b3158c8312391cb0fd9f098da5811ba0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.dataTables.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/DataTables/media/js/jquery.dataTables.js", "md5": "28e78e8c1897d5a8bcf7e18b2f2ba0b6", "sha1": "d3a3798918aaf361571de9e6dcae22c3f57e545e", "sha256": "cad275cd9985e1cd1020e9c9d422eb3a56cc4b1649337bee991359655e6d90bc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dataschema-text-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-text-min.js", "md5": "174e5569a17675116e35e067748359b9", "sha1": "3ed67fbafbe5410a425c6c6312145825f83914e2", "sha256": "11795037162cdcac882d2b7e337c20a95f83d9ea1a921eace8868f00351f98af", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-text.js", "sha256": "11795037162cdcac882d2b7e337c20a95f83d9ea1a921eace8868f00351f98af", "sha1": "3ed67fbafbe5410a425c6c6312145825f83914e2", "md5": "174e5569a17675116e35e067748359b9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-text-min.js", "sha256": "11795037162cdcac882d2b7e337c20a95f83d9ea1a921eace8868f00351f98af", "sha1": "3ed67fbafbe5410a425c6c6312145825f83914e2", "md5": "174e5569a17675116e35e067748359b9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.effects.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.effects.js", "md5": "f5822c5ed965f1732fd9826ad6ab08ba", "sha1": "c71f705057c77502c71f917a4de5c5d34512d3f1", "sha256": "047fd481f6b7831326125eb49383626df31cee8980f56f9262c2a0439c9c0552", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "recordset-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-min.js", "md5": "e9c21cd68355622dd89fcb311edf6934", "sha1": "cfa66280857f6c9b8d6c84b6aa26b9c8e9b9b138", "sha256": "bacd3048b6e553e543cd429b603b1e1a1d6d553d18e86428c1182048f4f4e014", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-min.js", "sha256": "bacd3048b6e553e543cd429b603b1e1a1d6d553d18e86428c1182048f4f4e014", "sha1": "cfa66280857f6c9b8d6c84b6aa26b9c8e9b9b138", "md5": "e9c21cd68355622dd89fcb311edf6934" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset.js", "sha256": "bacd3048b6e553e543cd429b603b1e1a1d6d553d18e86428c1182048f4f4e014", "sha1": "cfa66280857f6c9b8d6c84b6aa26b9c8e9b9b138", "md5": "e9c21cd68355622dd89fcb311edf6934" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.checkbox.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.checkbox.js", "md5": "5f18e20eb237a34f2094904114531f74", "sha1": "a17571b9fb5aded17d543e8dedf402315de775f0", "sha256": "6bc747bc34ae5c842cbfa0f0118d292e01707af58791f1887840cd0d18e4a12e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd.js", "md5": "ad894fde9d8c490fe5017bccea095e39", "sha1": "997349c44f60ab99bb5d6eb9c624b22a35c49375", "sha256": "0d43d90f3c2bb5cdef8ff3ed92b409297835c92d8c70c452de46f16f561041e5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/autosave/plugin.js", "md5": "c2ede3a907964206f43c887fdef54d15", "sha1": "29e5e55edc8cc4c60d2ea020e6960ebf873bcdbb", "sha256": "400bdc27088ba8baa528734c73141a3104c3bacd765bb74a8a3d499e6d8ca44b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "frame-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/frame-min.js", "md5": "31bb0404b2e4a1f597329761acf4b6fd", "sha1": "88b98a28ad2027af20b6ab61731189f4e7300477", "sha256": "f5eb503acd9d0c4b4be680afc98830ba534de8405b1ee2f902afd2265fc6ab2c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/frame.js", "sha256": "f5eb503acd9d0c4b4be680afc98830ba534de8405b1ee2f902afd2265fc6ab2c", "sha1": "88b98a28ad2027af20b6ab61731189f4e7300477", "md5": "31bb0404b2e4a1f597329761acf4b6fd" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/frame-min.js", "sha256": "f5eb503acd9d0c4b4be680afc98830ba534de8405b1ee2f902afd2265fc6ab2c", "sha1": "88b98a28ad2027af20b6ab61731189f4e7300477", "md5": "31bb0404b2e4a1f597329761acf4b6fd" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-GB.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-GB.js", "md5": "7dfaa59d017d14f22b2e54eeb38c4b3c", "sha1": "f49f9e41fad2504e5c22dd46d2bac3a1495aae02", "sha256": "b01d71934083f4b1709b5de1c5b91c7098dcb73f38333fddd7da926a8c6561e1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "append.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/append.js", "md5": "4c6300f54b30a3ec16552641e467c914", "sha1": "66212c9fa20fda9276521ef7444fc73f47ae535c", "sha256": "0d1df8abeb2cd9fbe369bba8fa87a991109aaefb69e892b4f3b3afeb7c502431", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sortable-scroll-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable-scroll-min.js", "md5": "245753ed909c62be0db3feb398b4a6fd", "sha1": "31697ad3095f94cd299723db76af33f74a0da2cd", "sha256": "d860ead5d7561aee48820fbc01d1aa6f7d0a983c4f022fdb5a4ad937816749fe", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/sortable/sortable-scroll-min.js", "sha256": "d860ead5d7561aee48820fbc01d1aa6f7d0a983c4f022fdb5a4ad937816749fe", "sha1": "31697ad3095f94cd299723db76af33f74a0da2cd", "md5": "245753ed909c62be0db3feb398b4a6fd" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable-scroll.js", "sha256": "d860ead5d7561aee48820fbc01d1aa6f7d0a983c4f022fdb5a4ad937816749fe", "sha1": "31697ad3095f94cd299723db76af33f74a0da2cd", "md5": "245753ed909c62be0db3feb398b4a6fd" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/inlinepopups/editor_plugin_src.js", "md5": "41c53bd54e8af72296d0d04fce118cbf", "sha1": "275b4f501114ba4ad5f5b573dc0d7d11b1acb092", "sha256": "b130258656e547e7aa2467de93292bd3fda742a7b29771b6e4990975196431d6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-position-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position-min.js", "md5": "93f1b2f2bada8b5321f50ac62d213723", "sha1": "dab1faba2fcdae0534e10583ff995fabd64fcd08", "sha256": "ae607a04f5ff3bb085529975e2ea12226f9cc0eecb56339a15507e339569e865", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position.js", "sha256": "ae607a04f5ff3bb085529975e2ea12226f9cc0eecb56339a15507e339569e865", "sha1": "dab1faba2fcdae0534e10583ff995fabd64fcd08", "md5": "93f1b2f2bada8b5321f50ac62d213723" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-position-min.js", "sha256": "ae607a04f5ff3bb085529975e2ea12226f9cc0eecb56339a15507e339569e865", "sha1": "dab1faba2fcdae0534e10583ff995fabd64fcd08", "md5": "93f1b2f2bada8b5321f50ac62d213723" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "studiotabgroups.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Studio/studiotabgroups.js", "md5": "aad6d2db3a73292f856e1d61901b4ff1", "sha1": "08dcb776985a9ae9494d647c2c78a7b877b0ce6d", "sha256": "27023077ff611f9ad7b1d72be0371ee0a04a784a967ed13374fadb10a318bc60", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery-success.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/jquery-success.js", "md5": "f028b048b67e12fc0a6940d94708965e", "sha1": "9b7dd46b5d214261dac0947324f006cc1b96b9ee", "sha256": "e22dcee90094f25a7f1ed6905de1920eb07fad50fdcf9e2a94d9a10ae171fa48", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "intl-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/intl/intl-min.js", "md5": "b9fb0949754b6d42796eda6e2101c917", "sha1": "0edf5f64d5d5cb8588ccd87b3cb1fd58c9d0bc50", "sha256": "4d250b8583d610cf9bf90ce531c258e84f50cd8a97ab29e95168e98a4fa055fb", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/intl/intl-min.js", "sha256": "4d250b8583d610cf9bf90ce531c258e84f50cd8a97ab29e95168e98a4fa055fb", "sha1": "0edf5f64d5d5cb8588ccd87b3cb1fd58c9d0bc50", "md5": "b9fb0949754b6d42796eda6e2101c917" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/intl/intl.js", "sha256": "4d250b8583d610cf9bf90ce531c258e84f50cd8a97ab29e95168e98a4fa055fb", "sha1": "0edf5f64d5d5cb8588ccd87b3cb1fd58c9d0bc50", "md5": "b9fb0949754b6d42796eda6e2101c917" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dpSyntaxHighlighter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/assets/dpSyntaxHighlighter.js", "md5": "e3c2434acdcd9f4b0717efba1d7d7ebb", "sha1": "8f493b0eba6c0337d24d5b281755263d02194d49", "sha256": "4e7d5e722a1267eb39f901858c33e456f06fcb1fd9494eeffec73b5fcbebfe6c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/imagetools/plugin.js", "md5": "1aaa48683ab35499cd380086787db74a", "sha1": "e360b1183686a665c243c978b75a55919f4b7e49", "sha256": "e5ab37889a854bf3bd2835d37a6da4ecf6b4b319c20488fb7858f88018052218", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "arraylist-filter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/arraylist-filter.js", "md5": "bf8272aa2e796724b967cd20f74570a7", "sha1": "0af177618bf5c74670f31aaf9b6357ec6dbcb09c", "sha256": "1963b077d3929b96757dbf2a2b40c0d9bbe504277d49c7179d76a497db6cef68", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "profilerviewer-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/profilerviewer/profilerviewer-min.js", "md5": "6aea294797b41232c7d14ee56081bf2e", "sha1": "3dab23c64898de0d49ba32bfb408051cf298aa63", "sha256": "0fcbcc3e3a55aeb6dc685eae1a5d076d0cb071f3c9775d70229148f42e5a42bc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/save/editor_plugin.js", "md5": "307a0743c68c4e4aff005f13027f296f", "sha1": "be47b49499c6d7cee5817ca38f1f0c7dc9bb2221", "sha256": "652a1d3ad24f49b1d5a4ca2d431bc7180845698f8a0015fc54cc19a7a53f790f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ru-RU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ru-RU.js", "md5": "1c3ce7a3b955122aedbdfb00a6eed2e9", "sha1": "491612a2cdf5d498c68e4aa83cc8c37fe6b87a06", "sha256": "1cfc5824d7ae533fe8e82bdb7d8d2fab22f2a6d2ea9734a6bb1e40d46cef655f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-UY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-UY.js", "md5": "1df67a9166f57c6e8747c6a9e244c2e6", "sha1": "ac4c700c18dbd67ae71cdf56aff1b8bdaaa53476", "sha256": "d1758851149742cd271679c12fc24d9ad01b8ae1219727abe0c109eb881e3116", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cookie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/cookie.js", "md5": "4a84d97b2488ea07cb91cda3e3b1f8f4", "sha1": "5fa51571e2cb0703e2c3cf1e2cf4a08644201a81", "sha256": "53567537b28f8aba998245cc903dca33827a293960a618c302fd17e3bfb58a59", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-queue.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-queue.js", "md5": "042ab905ea11a92430b02d3bfc2c5371", "sha1": "f8721c619889fcd8b2104097521cfb29b73f51e8", "sha256": "fa18095d494ae320bf615bb3af061f3923884e7be9bf4dff4dc6f718119618be", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-queue-min.js", "sha256": "fa18095d494ae320bf615bb3af061f3923884e7be9bf4dff4dc6f718119618be", "sha1": "f8721c619889fcd8b2104097521cfb29b73f51e8", "md5": "042ab905ea11a92430b02d3bfc2c5371" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-queue-min.js", "sha256": "fa18095d494ae320bf615bb3af061f3923884e7be9bf4dff4dc6f718119618be", "sha1": "f8721c619889fcd8b2104097521cfb29b73f51e8", "md5": "042ab905ea11a92430b02d3bfc2c5371" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sugar_yui_overrides.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/sugar_yui_overrides.js", "md5": "bdd2d18879a7ba3abab8173dcca015e9", "sha1": "f414a372bb3886724c20a6971260ddf31e568562", "sha256": "ea55132e89527abced3672a7cb0a0e8280473ecdbb2c3c3f5800b141086d99c4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "polygon.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/polygon.js", "md5": "5564f16134124604a92deca440f9cb5b", "sha1": "f1d69de60d5a7b2ca37a17c89638427c631db07e", "sha256": "f96d227523513c867f7e3c4fd29c28939ccc1d10eba7c4419ba1e84552ff23b1", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Areas/javascript/polygon.js", "sha256": "f96d227523513c867f7e3c4fd29c28939ccc1d10eba7c4419ba1e84552ff23b1", "sha1": "f1d69de60d5a7b2ca37a17c89638427c631db07e", "md5": "5564f16134124604a92deca440f9cb5b" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-stack.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-stack.js", "md5": "917d2d506444a7f3cca870bbd9d063bc", "sha1": "179f4ec9d446550f0bfce85b13799808cd4ec4a1", "sha256": "43f7ade0266e30aa7acd4ba2a8f79d45ebab9126890f4472f7a7c88b85cdeba5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hans-CN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hans-CN.js", "md5": "e4555c5394dbeb426d3574db580051f4", "sha1": "231ab5b3de1478a747ab6ab789e8ae0496128939", "sha256": "a9112ed8d819a2360279bbfb8046886d521356709c3749f67faa6c32a5e26645", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-VE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-VE.js", "md5": "93a92233f84c8489708e434e6cf3ebfb", "sha1": "3c5e18c772bb6d77d0ad014cdf1d64bde5faef8a", "sha256": "7030b222aa696ec054d8f645c3e66f577a59eee56d9dc6e0dd262583d4eafe5a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "resize-proxy.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-proxy.js", "md5": "2c334a50aa9a10fe0b27888c28241fc6", "sha1": "821618599d094c1671884d13f60b025c78e8edf4", "sha256": "846eb6df338d92f5878079f36136b6c299e0aabdcd4aba16add35cebd237b596", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-proxy-min.js", "sha256": "846eb6df338d92f5878079f36136b6c299e0aabdcd4aba16add35cebd237b596", "sha1": "821618599d094c1671884d13f60b025c78e8edf4", "md5": "2c334a50aa9a10fe0b27888c28241fc6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-proxy-min.js", "sha256": "846eb6df338d92f5878079f36136b6c299e0aabdcd4aba16add35cebd237b596", "sha1": "821618599d094c1671884d13f60b025c78e8edf4", "md5": "2c334a50aa9a10fe0b27888c28241fc6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "json-stringify.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/json/json-stringify.js", "md5": "e49af1a434e2dbe8cba309668fa32baa", "sha1": "3fe694c7788cf0ece23f41421f1508120f964f55", "sha256": "c586226b79fa87297c28e9e69b7fe0cd590cbac13237dd5f263de1c45479cd2c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-xml-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml-min.js", "md5": "82ccff56ec50d62eae5f1f2f575cc21a", "sha1": "adc047b3ae1707da1282da818ed26fa380e3d027", "sha256": "24b850fe930f3ec3ee5c97a992347a2c115aef3d8834eda01b12da04d0135d00", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-xml-min.js", "sha256": "24b850fe930f3ec3ee5c97a992347a2c115aef3d8834eda01b12da04d0135d00", "sha1": "adc047b3ae1707da1282da818ed26fa380e3d027", "md5": "82ccff56ec50d62eae5f1f2f575cc21a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml.js", "sha256": "24b850fe930f3ec3ee5c97a992347a2c115aef3d8834eda01b12da04d0135d00", "sha1": "adc047b3ae1707da1282da818ed26fa380e3d027", "md5": "82ccff56ec50d62eae5f1f2f575cc21a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Lead.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Leads/Lead.js", "md5": "539e25993e0de50e627ff70675e87c2c", "sha1": "c411d4502eee3a39246ac6401d741462269c284e", "sha256": "c9713922bfd964a5634664f9727dca163da5fe7b6301e446dfda2186a828db56", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "slider.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/slider/slider.js", "md5": "eec05da8d858ee3991d40aa49fa5a402", "sha1": "ba141abfbe906dfb81ec44219d6054e728f37573", "sha256": "245f83f7ae212b43e43c6b08d0aeefa3cb701e49cf27c0de930882945f4dc114", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-focusmanager.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node-focusmanager/node-focusmanager.js", "md5": "9d038b508069554da8d65ce52620b349", "sha1": "09fc30fe54ca3abb74354bd4d436c5daa825fe73", "sha256": "42f39e956cc75a15255b8b0c79ad30ec84fb8effa8e91c175258fd0829edeb5c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pluginhost-config.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost-config.js", "md5": "12d5f2c74c2a4a97da39fc747e04e899", "sha1": "16258a789194187db651d261d90b2c33201d0d3d", "sha256": "2ca0b3c6bdaec3f09ab312139b98634cf7e7c0822fda1ea0b113e4a9352b2fe3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/pluginhost/pluginhost-config-min.js", "sha256": "2ca0b3c6bdaec3f09ab312139b98634cf7e7c0822fda1ea0b113e4a9352b2fe3", "sha1": "16258a789194187db651d261d90b2c33201d0d3d", "md5": "12d5f2c74c2a4a97da39fc747e04e899" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost-config-min.js", "sha256": "2ca0b3c6bdaec3f09ab312139b98634cf7e7c0822fda1ea0b113e4a9352b2fe3", "sha1": "16258a789194187db651d261d90b2c33201d0d3d", "md5": "12d5f2c74c2a4a97da39fc747e04e899" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-AU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-AU.js", "md5": "859e37011ea87fd18e09d821c13e6b7b", "sha1": "935946ef6541779db7ff04450a415674a939c13c", "sha256": "d2f0bf4ae61f179e0de6548eef8f478c136f53e13c87e2c4855ccd3445f2e160", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-US.js", "md5": "2a71843e54324bcda1e427976dec1187", "sha1": "d15771bdb9e346a4ff9c1e854f2690fcf9d24215", "sha256": "6df2efb843f09f8e0e5627df73be1f41608f4974bc6176f8049771848ac6b395", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "moment.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lib/moment.min.js", "md5": "2b7d0faf3728e2b30b55ace597e2a8a5", "sha1": "b765a4ad85bdef6c639116aaadc8acf3fada958d", "sha256": "0defdc819a00920beaa312fdc89a49ccf1f2a335044c59d2bfb11019f416438a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "highlight-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight-base.js", "md5": "3c3f83d8b1baa815acff33388f428eaa", "sha1": "3f9112ec7f2173167bf738ada30782eef67b316f", "sha256": "226411365906bb206a7015eb94bccf1d8ec3d8bc9d3272b747a90a64d5e85e40", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight-base-min.js", "sha256": "226411365906bb206a7015eb94bccf1d8ec3d8bc9d3272b747a90a64d5e85e40", "sha1": "3f9112ec7f2173167bf738ada30782eef67b316f", "md5": "3c3f83d8b1baa815acff33388f428eaa" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/highlight/highlight-base-min.js", "sha256": "226411365906bb206a7015eb94bccf1d8ec3d8bc9d3272b747a90a64d5e85e40", "sha1": "3f9112ec7f2173167bf738ada30782eef67b316f", "md5": "3c3f83d8b1baa815acff33388f428eaa" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_pl.js", "md5": "904c22a4893c7c5310d907081396706c", "sha1": "c2296c7a0e056901edc53425cf394b63eb603050", "sha256": "ab4828b789fae5f7f3e26c202b84ead3657b4e521005293ed49926a9c616d790", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-US.js", "md5": "8d1029dc94965b05cca280f1f37ea565", "sha1": "74d8f86bd221fd01edfabb25735f856b4a4fc861", "sha256": "065bd39ad7cc3688ab2e82ade71f21c62846247d56e5a48b15eae5aa5c793b79", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "array-extras-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/array-extras-min.js", "md5": "44b583a8d42ad775d40ad69f98a777f3", "sha1": "ad541a134b6bb01f039c5200e47eb9f4fa755d3a", "sha256": "e70fa949df364813dc233a9000070f4036d0ba7280767f63fc6bc5cab99ce895", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/array-extras-min.js", "sha256": "e70fa949df364813dc233a9000070f4036d0ba7280767f63fc6bc5cab99ce895", "sha1": "ad541a134b6bb01f039c5200e47eb9f4fa755d3a", "md5": "44b583a8d42ad775d40ad69f98a777f3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/array-extras.js", "sha256": "e70fa949df364813dc233a9000070f4036d0ba7280767f63fc6bc5cab99ce895", "sha1": "ad541a134b6bb01f039c5200e47eb9f4fa755d3a", "md5": "44b583a8d42ad775d40ad69f98a777f3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "shim-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/shim-plugin.js", "md5": "6ecddf69b9cc1f7a82ac3c74373b33b9", "sha1": "c9e753c0e8acf29925217568f09dfd1e53e59c36", "sha256": "bf1dd99a95c09df7a422869975601062faa8ef68d0eaf8dc9053f445f30bbdb0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "classnamemanager-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/classnamemanager/classnamemanager-min.js", "md5": "90144a76a64db3afdd78427931d666b6", "sha1": "3f97de6a457c48dee156cbc4e9819a8923e2f045", "sha256": "743b0deb8e4d258e76c208e8814275a210948e978f320ba720f9f9348ddb711b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/classnamemanager/classnamemanager-min.js", "sha256": "743b0deb8e4d258e76c208e8814275a210948e978f320ba720f9f9348ddb711b", "sha1": "3f97de6a457c48dee156cbc4e9819a8923e2f045", "md5": "90144a76a64db3afdd78427931d666b6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/classnamemanager/classnamemanager.js", "sha256": "743b0deb8e4d258e76c208e8814275a210948e978f320ba720f9f9348ddb711b", "sha1": "3f97de6a457c48dee156cbc4e9819a8923e2f045", "md5": "90144a76a64db3afdd78427931d666b6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "checkbox.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/checkbox.js", "md5": "b1e0614eda750ff99f7015e9bc278ee7", "sha1": "ce7ed8240b58ff635528453bf0d4c99d3dc595b2", "sha256": "7362b9aa9be34020a2f9a46a9b2af56d072c1367bdaff4da37f2676e8e8cc5df", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery-1.8.0.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Areas/javascript/jquery-1.8.0.min.js", "md5": "3a728460147fb9af7faf0e587b9fbf42", "sha1": "f3a55f44fb81cf8ee908a3872841f70d6548f8c1", "sha256": "8c574e0a06396dfa7064b8b460e0e4a8d5d0748c4aa66eb2e4efdfcb46da4b31", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/jquery-1.8.0.min.js", "sha256": "8c574e0a06396dfa7064b8b460e0e4a8d5d0748c4aa66eb2e4efdfcb46da4b31", "sha1": "f3a55f44fb81cf8ee908a3872841f70d6548f8c1", "md5": "3a728460147fb9af7faf0e587b9fbf42" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "1.8.0.min" } ] }, "packages": [ { "id": "pkg:javascript/jquery@1.8.0.min", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.8.0.min" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-6708", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/102792", "name": "102792" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "info", "url": "http://bugs.jquery.com/ticket/11290", "name": "info" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20120206", "name": "https://snyk.io/vuln/npm:jquery:20120206" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", "name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" }, { "source": "MISC", "url": "https://bugs.jquery.com/ticket/11290", "name": "https://bugs.jquery.com/ticket/11290" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0" } } ] }, { "source": "NVD", "name": "CVE-2015-9251", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", "notes": "", "references": [ { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/issues/2432", "name": "https://github.com/jquery/jquery/issues/2432" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "info", "url": "https://github.com/jquery/jquery/issues/2432", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0481", "name": "RHSA-2020:0481" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588", "name": "https://github.com/jquery/jquery/pull/2588" }, { "source": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/105658", "name": "105658" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { "source": "info", "url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "name": "info" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20150627", "name": "https://snyk.io/vuln/npm:jquery:20150627" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.5", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0.1" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0.1", "versionEndIncluding": "4.3.0.4" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1", "versionEndIncluding": "17.12" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.0.4.0" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.0" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.3", "versionEndIncluding": "7.3.5" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2" } } ] }, { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "editor-para-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-para-min.js", "md5": "84ba9c53f2ba4c7ef5baae340fec77f4", "sha1": "1adfc2a00c0673b5bc4de3ab2781f7da6a577ee6", "sha256": "ef5833714b6baafc3169e81519e454ed49390494723c15173815308758d6ea05", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-para.js", "sha256": "ef5833714b6baafc3169e81519e454ed49390494723c15173815308758d6ea05", "sha1": "1adfc2a00c0673b5bc4de3ab2781f7da6a577ee6", "md5": "84ba9c53f2ba4c7ef5baae340fec77f4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-para-min.js", "sha256": "ef5833714b6baafc3169e81519e454ed49390494723c15173815308758d6ea05", "sha1": "1adfc2a00c0673b5bc4de3ab2781f7da6a577ee6", "md5": "84ba9c53f2ba4c7ef5baae340fec77f4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "upgradeWizard.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/UpgradeWizard/upgradeWizard.js", "md5": "f9257d89ca94aacd912a1e5b9a8016b8", "sha1": "53b8c24ceef18f3c260a7a098bb8537cb6840418", "sha256": "63d39a1a1785e8f96559a7d97834e3c5902caf0790463fc1f483940257015152", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-tab-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-tab-min.js", "md5": "86df1915091a454487f7ef611a9344f1", "sha1": "5021c9074594328f3726e978de588c353b27fd68", "sha256": "bf28b2d6cf4fce285f39efca9880eef7df57f0d49e56e1a9c113efe1480e61f8", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-tab-min.js", "sha256": "bf28b2d6cf4fce285f39efca9880eef7df57f0d49e56e1a9c113efe1480e61f8", "sha1": "5021c9074594328f3726e978de588c353b27fd68", "md5": "86df1915091a454487f7ef611a9344f1" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-tab.js", "sha256": "bf28b2d6cf4fce285f39efca9880eef7df57f0d49e56e1a9c113efe1480e61f8", "sha1": "5021c9074594328f3726e978de588c353b27fd68", "md5": "86df1915091a454487f7ef611a9344f1" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_vi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_vi.js", "md5": "77e24d61e4c52cc78a5d458c19b0ee63", "sha1": "0fd3170ab5147b3ebc2fb735583ae2386e0c666c", "sha256": "09cd920cf177a662a5b92fee91dac5dee2bd59894fe30c4b320c8ff65417d5d7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "async-queue-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/async-queue/async-queue-min.js", "md5": "007c65e9287b5f2bda1f77e2cebac811", "sha1": "5d4aab0b5cac2a9b15a4309074f0a997f59cc75b", "sha256": "bca9067d59fec0cd786bcc3fd31f6684a53b02e0a54372a647139fecce9c562e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/async-queue/async-queue-min.js", "sha256": "bca9067d59fec0cd786bcc3fd31f6684a53b02e0a54372a647139fecce9c562e", "sha1": "5d4aab0b5cac2a9b15a4309074f0a997f59cc75b", "md5": "007c65e9287b5f2bda1f77e2cebac811" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/async-queue/async-queue.js", "sha256": "bca9067d59fec0cd786bcc3fd31f6684a53b02e0a54372a647139fecce9c562e", "sha1": "5d4aab0b5cac2a9b15a4309074f0a997f59cc75b", "md5": "007c65e9287b5f2bda1f77e2cebac811" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "arraylist-add.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/arraylist-add.js", "md5": "876710c87b5de8282b52d0857b6fab3e", "sha1": "0fb69b1ee1b1fcca152aff11a826277ba1114f3b", "sha256": "d9c16795ad53fe389684ffbf90f5d8bd2ecac03b4a834fee19599f12f629df35", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/arraylist-add-min.js", "sha256": "d9c16795ad53fe389684ffbf90f5d8bd2ecac03b4a834fee19599f12f629df35", "sha1": "0fb69b1ee1b1fcca152aff11a826277ba1114f3b", "md5": "876710c87b5de8282b52d0857b6fab3e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/arraylist-add-min.js", "sha256": "d9c16795ad53fe389684ffbf90f5d8bd2ecac03b4a834fee19599f12f629df35", "sha1": "0fb69b1ee1b1fcca152aff11a826277ba1114f3b", "md5": "876710c87b5de8282b52d0857b6fab3e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cookie-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cookie/cookie-min.js", "md5": "463b9e173a386ba693a54ea9ddf57dac", "sha1": "ba4938accba7622c140bdc43d9cd7f4167e0d7ca", "sha256": "299fce3eaa3255c34a67f6ec3c6ef1546caddf176fb10b5d01ecb7a238d7ab4e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cookie/cookie.js", "sha256": "299fce3eaa3255c34a67f6ec3c6ef1546caddf176fb10b5d01ecb7a238d7ab4e", "sha1": "ba4938accba7622c140bdc43d9cd7f4167e0d7ca", "md5": "463b9e173a386ba693a54ea9ddf57dac" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cookie/cookie-min.js", "sha256": "299fce3eaa3255c34a67f6ec3c6ef1546caddf176fb10b5d01ecb7a238d7ab4e", "sha1": "ba4938accba7622c140bdc43d9cd7f4167e0d7ca", "md5": "463b9e173a386ba693a54ea9ddf57dac" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "TextNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/TextNode.js", "md5": "24a9bca371d9892ccd28455bd06d8f79", "sha1": "8834e5a9401bd618ce43f0fc0ef6f2e9528cc15b", "sha256": "b42d47d41598f9126e072f4aadb4a545351b621f057f2f20a121ab5780e05b11", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node.js", "md5": "399bb252059f3b901b98ead510334634", "sha1": "ed89b32136a168464d825d5c095a639ec0df3ba4", "sha256": "b7f01f0af9339c3433c98747645c21f83fa0a37ed1c620165f922243103e1ede", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-min.js", "sha256": "b7f01f0af9339c3433c98747645c21f83fa0a37ed1c620165f922243103e1ede", "sha1": "ed89b32136a168464d825d5c095a639ec0df3ba4", "md5": "399bb252059f3b901b98ead510334634" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-min.js", "sha256": "b7f01f0af9339c3433c98747645c21f83fa0a37ed1c620165f922243103e1ede", "sha1": "ed89b32136a168464d825d5c095a639ec0df3ba4", "md5": "399bb252059f3b901b98ead510334634" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/fullpage/editor_plugin.js", "md5": "3b421db27fd9294629713f985a53c558", "sha1": "ce00de4a933ee04e5d4cc8728bdb1eca172ac883", "sha256": "fe0ebf079f62e662a6e23059b20074c10251b2874204dbf536dc12bf3de9acc1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-highlighters-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-highlighters-min.js", "md5": "9fe8fba84f40c442efd1f177de5d2cbf", "sha1": "7e42085a6d13d7c838942aa01aeee0b0d7d61ab3", "sha256": "05a1d9972a8b45d19e34f029e2e3267185db5c313d2e3e9c2151ed1846418b5a", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-highlighters.js", "sha256": "05a1d9972a8b45d19e34f029e2e3267185db5c313d2e3e9c2151ed1846418b5a", "sha1": "7e42085a6d13d7c838942aa01aeee0b0d7d61ab3", "md5": "9fe8fba84f40c442efd1f177de5d2cbf" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-highlighters-min.js", "sha256": "05a1d9972a8b45d19e34f029e2e3267185db5c313d2e3e9c2151ed1846418b5a", "sha1": "7e42085a6d13d7c838942aa01aeee0b0d7d61ab3", "md5": "9fe8fba84f40c442efd1f177de5d2cbf" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "fullcalendar.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/fullcalendar.min.js", "md5": "44dc81d85eca048a9f798ee0b8665202", "sha1": "4c4e451e8ef7188ff2d713bcd92dc74ab495e197", "sha256": "b85c24dacfe74480e0c447d501d2b5a9dad4aaef8f19dc06a084f198030c168c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-drop-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-drop-min.js", "md5": "2f51a4ed0bc4f56f53a53eca0de17987", "sha1": "226331722e4720695c590952be32f1d29279c83f", "sha256": "3308e9508204972f355a25adf60c73f3fa487354567acae0d2cad9ee2cb6a20b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-drop.js", "sha256": "3308e9508204972f355a25adf60c73f3fa487354567acae0d2cad9ee2cb6a20b", "sha1": "226331722e4720695c590952be32f1d29279c83f", "md5": "2f51a4ed0bc4f56f53a53eca0de17987" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-drop-min.js", "sha256": "3308e9508204972f355a25adf60c73f3fa487354567acae0d2cad9ee2cb6a20b", "sha1": "226331722e4720695c590952be32f1d29279c83f", "md5": "2f51a4ed0bc4f56f53a53eca0de17987" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "console-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/console/console-min.js", "md5": "02f6064e78653c05ce2a3d4bcd4d1b98", "sha1": "bb37aa4f739be1c0d88727a93e4cf93b8e533eac", "sha256": "388af524f37be36948b37aaae5c9a477b52f391fdf0213de74514d97cf9f731b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/console/console.js", "sha256": "388af524f37be36948b37aaae5c9a477b52f391fdf0213de74514d97cf9f731b", "sha1": "bb37aa4f739be1c0d88727a93e4cf93b8e533eac", "md5": "02f6064e78653c05ce2a3d4bcd4d1b98" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/console/console-min.js", "sha256": "388af524f37be36948b37aaae5c9a477b52f391fdf0213de74514d97cf9f731b", "sha1": "bb37aa4f739be1c0d88727a93e4cf93b8e533eac", "md5": "02f6064e78653c05ce2a3d4bcd4d1b98" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/example_dependency/editor_plugin_src.js", "md5": "473878118b45efe326d335f992ff9943", "sha1": "5ed2c60b958b2f6030d31938a3d1109bca522859", "sha256": "dc0e46d71312ceaf94e2671f364d8909c38c2f22da79528daa758c69aba2579f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-event-html5.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-event-html5.js", "md5": "76ba62b7ef15c39473f992a2045208dd", "sha1": "d035938d6f7d02429ceabd2bce84f9b251c02a86", "sha256": "b0f0f8698a11cbaa574c63749b147e8215e20946cf71d5aba50a03fe99346fb3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_pt-BR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_pt-BR.js", "md5": "f9bcdf32c0074f05336ef410fc68a794", "sha1": "7fa8dc01e2999908c21d0255371e9dfce23ec23d", "sha256": "ee022f203ba11eddef8ff295dcbea81762e3f4aadcfa3da7261b0094030e3a28", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "background.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/background.js", "md5": "48feb10c001d21c290ca705d9cc0813a", "sha1": "c963385cd1b4489d736c731ea93c9bf7561c522b", "sha256": "fddba0987b11542f89867318ad164ad76c115e328588f39a1189f27afb11e317", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/noneditable/editor_plugin_src.js", "md5": "67393d77fc0db16486b9bca5853beb73", "sha1": "535b06b27160fca0bf32968c01f56d91e90280e8", "sha256": "d5fe1d628046b5dc8d314944eb2f35d4c2e9e161bfec09cddf585ce3cfa0e5e3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-base-ie-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-base-ie-min.js", "md5": "6058faf73f90dd4f3e26ab8d6f0b5695", "sha1": "ca8fa32d4383b29e14851af379a7647497dd1503", "sha256": "3599d048685679780559bdfd2d6841d813bf86d47376f4a5dae0acd064f1ebca", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-base-ie-min.js", "sha256": "3599d048685679780559bdfd2d6841d813bf86d47376f4a5dae0acd064f1ebca", "sha1": "ca8fa32d4383b29e14851af379a7647497dd1503", "md5": "6058faf73f90dd4f3e26ab8d6f0b5695" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-base-ie.js", "sha256": "3599d048685679780559bdfd2d6841d813bf86d47376f4a5dae0acd064f1ebca", "sha1": "ca8fa32d4383b29e14851af379a7647497dd1503", "md5": "6058faf73f90dd4f3e26ab8d6f0b5695" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "create_project.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/create_project.js", "md5": "2f40efcbe5989c91e74e773085bfc95f", "sha1": "a1e8c8b4911686bdf77cd4ff8a1bbca59f480d6d", "sha256": "63628b64b32d6956fb2d6d26d683917f769b6993e341800270c078366f44e80a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-drop-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-drop-plugin.js", "md5": "3e7547c269074363b071feb46b298182", "sha1": "9ede7608d95f086b99f62b30c7f030b3f33dd471", "sha256": "69ff7359f3b0c5659cf00af967362772305c08f049119ea1bf34f145b5777644", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ko-KR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ko-KR.js", "md5": "4360e399150e609e19ad21ad815998df", "sha1": "38d787cda5630a6971278522327e53679b74f7e0", "sha256": "7860ccb985f14a057a0680f132013decde8a79d246a524f40fcafc7312f55e03", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-list_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/lang/autocomplete-list_en.js", "md5": "72bb9d517b3d2a74ecd994c7e8d4831f", "sha1": "41446d0bed637ee1af8faf11f25df4ef60cece3d", "sha256": "5937ba4a7a0a476b53ff461f83a2c037c6aaec019af30fb31f6f78bae3c26465", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Async.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Administration/javascript/Async.js", "md5": "f062dbc229f6307d094319abaebb2c7c", "sha1": "316c1e000b5a728f2ca382b9e7b16cfe2e20359e", "sha256": "23ce9bb034ab73792bf0a19ba5f56b3c1de39f3cd4c7649db3f693a8d076bb22", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "quicksearch.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/quicksearch.js", "md5": "0329400df3d1b8e4eab0765f8fe9f2e4", "sha1": "926ed98c6ed87cfcc78993a998a63cdf45ea0c0b", "sha256": "8fd0b9f4fbb639de19188a5b9645ed518f05ea889b52fb66040efd0b7fbdc303", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsonp-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/jsonp/jsonp-min.js", "md5": "47958e8b0dfdddcf4a901330eb68cb4d", "sha1": "b1b5ded6b106b1ed7dfe130555feebc3577afcc8", "sha256": "a492c66a8b78bb25d3d10658a5b553f6cc358e3897116f100153830b2301aae0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/jsonp/jsonp.js", "sha256": "a492c66a8b78bb25d3d10658a5b553f6cc358e3897116f100153830b2301aae0", "sha1": "b1b5ded6b106b1ed7dfe130555feebc3577afcc8", "md5": "47958e8b0dfdddcf4a901330eb68cb4d" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/jsonp/jsonp-min.js", "sha256": "a492c66a8b78bb25d3d10658a5b553f6cc358e3897116f100153830b2301aae0", "sha1": "b1b5ded6b106b1ed7dfe130555feebc3577afcc8", "md5": "47958e8b0dfdddcf4a901330eb68cb4d" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "oc_install.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/oc_install.js", "md5": "4486311ea961d6477f56ad8a462baeb3", "sha1": "1a305fc788f4a1b02ed1213f333b1c41ce4abf84", "sha256": "6bc77d95a2c11d9968bf5d10a312608885a62191205077beb43ba0841209a8cd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_de-AT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_de-AT.js", "md5": "a6e64a550ced124fb3da126934ccfbcf", "sha1": "45226c18a37222085eedcfb97c27a4e8be6acdb8", "sha256": "85d0b35552e7b33fef31c7e0e2abf121a55cd5d3f7248871520fc6fe226faccc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_id.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_id.js", "md5": "91fc4f4f0739e0e62230bacd65496ce0", "sha1": "e54aea59aeb993df6a198bc938a00b0058ee11d5", "sha256": "e8b9ba30888f0b135c6536067ebb9e1bb1a466e10b37354f94778565b8e5bc27", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_tr-TR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_tr-TR.js", "md5": "96e24f0a2a0b151d3c618b594be2c9be", "sha1": "77804b40c0672de14ea36fdd23bc257948f2ea07", "sha256": "22f5badc9472134f0ef6ff35aa9c90f607961f25b87748f98cb1e26368773573", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ja-JP.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ja-JP.js", "md5": "b2717b8fe90df10358e04e89f8fead80", "sha1": "fc18ddf20a738abd2eebdaf5a95beb3959887c06", "sha256": "afe351f0b284a64abe3b696fb90b17d615d261bb1d416660c092b863fb010f9a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-valuechange.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-valuechange/event-valuechange.js", "md5": "ce3787ce0803f9f1d672363949350f62", "sha1": "9d954d45504ea2f699f22d0e9a89df5e2c64fe4b", "sha256": "6a33f42ce93dedc1d04b373416165be579f4b63419c59ed5d51c7604472041c1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "hi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/hi.js", "md5": "4dcc9fdad33f0b3a197209569fc768f2", "sha1": "b46f642e752689e2a7d2c6f52a8d2fe33200a5bd", "sha256": "4b99e9ebc4296e627e0ba73a528b625801b523eca6c220c497ef5ceaefb1847d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-GB.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-GB.js", "md5": "dba815173101e766b3d0280948d55141", "sha1": "77f2a33dc2aeebd34854fb86cc354ca6af7a8f57", "sha256": "2aec6d08535d4917a2860660db6e3f26f133f4dcc156ce710d65e91a1da5ea2f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "clickable-rail-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/clickable-rail-min.js", "md5": "f83ea026f047df0fd557ddf4f6d71f55", "sha1": "d72e474e2321536462164ff5c4631179856835ba", "sha256": "ebdb9fcf487375d62a79a42fc9d59e21abda39884282396ae2dcbc14fbbf62d6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/clickable-rail.js", "sha256": "ebdb9fcf487375d62a79a42fc9d59e21abda39884282396ae2dcbc14fbbf62d6", "sha1": "d72e474e2321536462164ff5c4631179856835ba", "md5": "f83ea026f047df0fd557ddf4f6d71f55" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/clickable-rail-min.js", "sha256": "ebdb9fcf487375d62a79a42fc9d59e21abda39884282396ae2dcbc14fbbf62d6", "sha1": "d72e474e2321536462164ff5c4631179856835ba", "md5": "f83ea026f047df0fd557ddf4f6d71f55" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-scroll.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-scroll.js", "md5": "8e5779f9a083b3849d589d59c76c73e3", "sha1": "ac14cd96e205aa4557c109a27ad01903e067e725", "sha256": "cef354db86132c1aaa436aa9352b65a37c7c50e7efdacc0ebea3d219a4ea0e38", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-number.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-number.js", "md5": "58ad76e180506fd0e45e16c9db82d6a0", "sha1": "eb9bca87267820205ffdd25ab9b282de8e848016", "sha256": "3fef36621fd1119346217ef50be799175dae8ad9fb62cc656702f5d418dd48fa", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ko.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ko.js", "md5": "fb76e4f67273437bac7a76e1eb62389c", "sha1": "b145584d4a1442373be6f9bbd74af2cdba46a2b5", "sha256": "1d3de171589d60f156ab9f744cabe2997d5fa7deb29a14e50a1d8b03d929f0bb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tabview.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/tabview/tabview.js", "md5": "71bfaae3677aa7e54c306d4b2e67a539", "sha1": "6864e69e7e13fca893dc6f2b017e45fa47e627ce", "sha256": "02951489d961875ddf4c1a53fb369520a07b1dd17c13c2060e68fdfb9fc4845c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-node-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-node-plugin.js", "md5": "c065d200653551c2faaceb45bc6cbcb7", "sha1": "aff38ed4098bcb892108aa5bbd1fa4fb6f2eef99", "sha256": "d0349eec65a4402863cdaba49612a49303919db3deb5096d58c712643a5869e9", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-node-plugin-min.js", "sha256": "d0349eec65a4402863cdaba49612a49303919db3deb5096d58c712643a5869e9", "sha1": "aff38ed4098bcb892108aa5bbd1fa4fb6f2eef99", "md5": "c065d200653551c2faaceb45bc6cbcb7" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-node-plugin-min.js", "sha256": "d0349eec65a4402863cdaba49612a49303919db3deb5096d58c712643a5869e9", "sha1": "aff38ed4098bcb892108aa5bbd1fa4fb6f2eef99", "md5": "c065d200653551c2faaceb45bc6cbcb7" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/link/plugin.min.js", "md5": "b40b5299c37917d5a17523696ea58c97", "sha1": "5fd57364abb97bfde8ef86a04c4c652303bc4674", "sha256": "67807b01c39a7358f21f0b85b39d3e3537de47d92afd8ae7d160aad6516247b6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es.js", "md5": "8086142ed99165ff3dcc8c8489acdd15", "sha1": "7cdeb087a7eac85447991cb2f84da82747188127", "sha256": "207258cc0063fbae247b73efc0e7cbde1206413fecef662866f42040716aac13", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-event-simulate-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-event-simulate-min.js", "md5": "a8e2742cfe946fd0a5fca4d739dc001a", "sha1": "bcb0df5a27e73c504fefb199fb7d6b9c1245f4ad", "sha256": "4fbb74f91ef02126345b166baddb0787dc26e149ca2a783378c90ca8cacec980", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-event-simulate-min.js", "sha256": "4fbb74f91ef02126345b166baddb0787dc26e149ca2a783378c90ca8cacec980", "sha1": "bcb0df5a27e73c504fefb199fb7d6b9c1245f4ad", "md5": "a8e2742cfe946fd0a5fca4d739dc001a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-event-simulate.js", "sha256": "4fbb74f91ef02126345b166baddb0787dc26e149ca2a783378c90ca8cacec980", "sha1": "bcb0df5a27e73c504fefb199fb7d6b9c1245f4ad", "md5": "a8e2742cfe946fd0a5fca4d739dc001a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-MY.js", "md5": "e78c650df3f9ecff657997c499589bb2", "sha1": "b4216230c13b359a348096638557228651340bbc", "sha256": "00f00304836d79ea082059faadce599ddce1337cb1e63af2dfaa33e7df5cd22f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "tinymce.jquery.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/tinymce.jquery.js", "md5": "47b4fd41605e162b5b29bf5bc675690d", "sha1": "e2c02e070fc4a5e9187225790c5812b7f812ea98", "sha256": "764b1ff06d8f4d7c5a240ee64ef96bd124d56b059eff655263c1ebf6e00e9295", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dataschema-xml.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-xml.js", "md5": "44cfa168fc617846f26bcdddd79c3b75", "sha1": "7a496191a4810de8c8ca133b2f03c899ee9c3b30", "sha256": "8ecb44756e0ef4aaaa06ed9a0338dd475443010159c598c32ca82627a4338464", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-xml-min.js", "sha256": "8ecb44756e0ef4aaaa06ed9a0338dd475443010159c598c32ca82627a4338464", "sha1": "7a496191a4810de8c8ca133b2f03c899ee9c3b30", "md5": "44cfa168fc617846f26bcdddd79c3b75" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-xml-min.js", "sha256": "8ecb44756e0ef4aaaa06ed9a0338dd475443010159c598c32ca82627a4338464", "sha1": "7a496191a4810de8c8ca133b2f03c899ee9c3b30", "md5": "44cfa168fc617846f26bcdddd79c3b75" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "rls-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/rls-min.js", "md5": "a1393dae8c3a60a1368e84cec6170bc9", "sha1": "d48033adbf8c2d9a87722b24b4e5c6b0947bb28c", "sha256": "07207118d6b3eb8a5058068458bcd0815e1ca32deee46a0192bfe4d14f45fe5e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/rls-min.js", "sha256": "07207118d6b3eb8a5058068458bcd0815e1ca32deee46a0192bfe4d14f45fe5e", "sha1": "d48033adbf8c2d9a87722b24b4e5c6b0947bb28c", "md5": "a1393dae8c3a60a1368e84cec6170bc9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/rls.js", "sha256": "07207118d6b3eb8a5058068458bcd0815e1ca32deee46a0192bfe4d14f45fe5e", "sha1": "d48033adbf8c2d9a87722b24b4e5c6b0947bb28c", "md5": "a1393dae8c3a60a1368e84cec6170bc9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.drawing.yaxis.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.yaxis.js", "md5": "f10e46bf9d93b938cd810795b5bce020", "sha1": "0a96719f593a7f0eb150585a269976477c669eaf", "sha256": "124a2d43ca68bf858f09f266c7d756a8ddc61b115b28fa84927a5e80d07e2210", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ms-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ms-MY.js", "md5": "6f776415734a8eb10c639aa0f420082f", "sha1": "5018b88f8253a0912c171defa6618bf92186f3ad", "sha256": "1ec96e07b9706fb599150012c65a30eb2ca5d8862cddb2177ea3fbe2778949b6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-key-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-key-min.js", "md5": "b384bd345c20d1f744b8ce9647f296dc", "sha1": "e5188e855b45bd4921741daf92ec25d0cfb480fe", "sha256": "6272ee1fe5b8f082367eb747fc5944d82e3e3bc0066ea83d2c328863832fb97f", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-key.js", "sha256": "6272ee1fe5b8f082367eb747fc5944d82e3e3bc0066ea83d2c328863832fb97f", "sha1": "e5188e855b45bd4921741daf92ec25d0cfb480fe", "md5": "b384bd345c20d1f744b8ce9647f296dc" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-key-min.js", "sha256": "6272ee1fe5b8f082367eb747fc5944d82e3e3bc0066ea83d2c328863832fb97f", "sha1": "e5188e855b45bd4921741daf92ec25d0cfb480fe", "md5": "b384bd345c20d1f744b8ce9647f296dc" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "charmap.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/js/charmap.js", "md5": "23e6f0fdded2c9fd69ba1fd7d69f559a", "sha1": "b1ed10d70a66eb5b68518143a4ab7384c8829b0f", "sha256": "a522da0745d388c93e10409810c2cfe961a6bdd945a3854d1fa1049540140daf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "exec-command.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/exec-command.js", "md5": "aef642efb4a068222940268f6758af18", "sha1": "fea389dc5edfc7ff24d35f151583e7b0b7b0b773", "sha256": "b4b53bee37388d9afcb8da8f18c6bbac397f8cd2ad2851bca09214ca21b89624", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/exec-command-min.js", "sha256": "b4b53bee37388d9afcb8da8f18c6bbac397f8cd2ad2851bca09214ca21b89624", "sha1": "fea389dc5edfc7ff24d35f151583e7b0b7b0b773", "md5": "aef642efb4a068222940268f6758af18" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/exec-command-min.js", "sha256": "b4b53bee37388d9afcb8da8f18c6bbac397f8cd2ad2851bca09214ca21b89624", "sha1": "fea389dc5edfc7ff24d35f151583e7b0b7b0b773", "md5": "aef642efb4a068222940268f6758af18" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-touch-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-touch-min.js", "md5": "f724214c47168519e06e4773df3f0304", "sha1": "95ac9cf91ec7bcbbb84332e05b7e6495c35700d5", "sha256": "86f88697f4abda9b552bd385254d177f27f15eaaeafec5816909ccaa3276d5e2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-touch-min.js", "sha256": "86f88697f4abda9b552bd385254d177f27f15eaaeafec5816909ccaa3276d5e2", "sha1": "95ac9cf91ec7bcbbb84332e05b7e6495c35700d5", "md5": "f724214c47168519e06e4773df3f0304" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-touch.js", "sha256": "86f88697f4abda9b552bd385254d177f27f15eaaeafec5816909ccaa3276d5e2", "sha1": "95ac9cf91ec7bcbbb84332e05b7e6495c35700d5", "md5": "f724214c47168519e06e4773df3f0304" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "da.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/da.js", "md5": "1b8af56bb19ae1696fdfcb4d23645b01", "sha1": "167da2b14f3b99f4c64c8da2cfdf542a3ff11df2", "sha256": "68d87cb03a281a4ac452345182c3c98989f9577230bda926d8f41ff9cdbf6b70", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_zh-Hant-HK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hant-HK.js", "md5": "c84fc2ac4695a4c39c6ff5adc289f8f6", "sha1": "784acdc7887c16880c876f6335b8fc6477a188de", "sha256": "b66793f0bad95ea8e197c171db751817e23b0a75eca0e1f8925884a8c49f432d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.tooltips.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.tooltips.js", "md5": "d62dedc1b8a01dc713d679ea96c0747f", "sha1": "30f1f63dba6b3de4671dc1b85ce1898d6f04cad6", "sha256": "218cbee2f3931e7da7110b579d00b28c4897e3ba73c5ab34da20bf3a75c414be", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "arraysort-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/arraysort/arraysort-min.js", "md5": "d597233edde976f92c436dcb3f2283a9", "sha1": "00c9239473c0698ee96fd2a018c4d20e9ac5e6be", "sha256": "0928c7038523438a71ea8dbedd8839f3c90ca55145cfec23dc00759752704925", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/arraysort/arraysort.js", "sha256": "0928c7038523438a71ea8dbedd8839f3c90ca55145cfec23dc00759752704925", "sha1": "00c9239473c0698ee96fd2a018c4d20e9ac5e6be", "md5": "d597233edde976f92c436dcb3f2283a9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/arraysort/arraysort-min.js", "sha256": "0928c7038523438a71ea8dbedd8839f3c90ca55145cfec23dc00759752704925", "sha1": "00c9239473c0698ee96fd2a018c4d20e9ac5e6be", "md5": "d597233edde976f92c436dcb3f2283a9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jsonp-url-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/jsonp/jsonp-url-min.js", "md5": "048e1524434dd1c0f811a5fc7fb617b6", "sha1": "2be23a3d664794e153e1746b7ba4d403507f8b92", "sha256": "43d6465af1248204edf2b41db0814a617dbc9fdf2fe903cb8a00de508972bd1b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/jsonp/jsonp-url-min.js", "sha256": "43d6465af1248204edf2b41db0814a617dbc9fdf2fe903cb8a00de508972bd1b", "sha1": "2be23a3d664794e153e1746b7ba4d403507f8b92", "md5": "048e1524434dd1c0f811a5fc7fb617b6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/jsonp/jsonp-url.js", "sha256": "43d6465af1248204edf2b41db0814a617dbc9fdf2fe903cb8a00de508972bd1b", "sha1": "2be23a3d664794e153e1746b7ba4d403507f8b92", "md5": "048e1524434dd1c0f811a5fc7fb617b6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_de.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_de.js", "md5": "4f7169e8718436dcd6f10c4e33bdeae2", "sha1": "c1200787981019d7f41409f3d899d73f04dd6d2d", "sha256": "d00c9d878a50a22022263c76db19c2a7f70c7c776e9ef073b028ae2c303ab329", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "overlay.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/overlay/overlay.js", "md5": "8988e0cf030dcfb1b16fd7a09bbbd31b", "sha1": "1fb2a53f5e4bcd15226707dc7b3aa846ffbce39a", "sha256": "d00fca4ec0d3a1829e2d94c08e5a76d9123b1a6c562e08cf29d5d0771770516e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/overlay/overlay-min.js", "sha256": "d00fca4ec0d3a1829e2d94c08e5a76d9123b1a6c562e08cf29d5d0771770516e", "sha1": "1fb2a53f5e4bcd15226707dc7b3aa846ffbce39a", "md5": "8988e0cf030dcfb1b16fd7a09bbbd31b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/overlay/overlay-min.js", "sha256": "d00fca4ec0d3a1829e2d94c08e5a76d9123b1a6c562e08cf29d5d0771770516e", "sha1": "1fb2a53f5e4bcd15226707dc7b3aa846ffbce39a", "md5": "8988e0cf030dcfb1b16fd7a09bbbd31b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_fr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr.js", "md5": "20e5cb3a66056e494054aecb13c3c32c", "sha1": "dc51036fc15aed2e150a328044ba327b099c6221", "sha256": "5a15d878f1236e6f22107bb90dcb83789d309771c6d2748984e30c3ac4435c44", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-native-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector-native-min.js", "md5": "ff1c4bfbcc38791bdc13dc8c7d3c6519", "sha1": "72291b424fb1519e4d8e1c78d52a622d90782fc2", "sha256": "712db9ebd38483d9ee5fbaa6680f1f6873df158ebd5020d35b18948c23d59ea7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector-native.js", "sha256": "712db9ebd38483d9ee5fbaa6680f1f6873df158ebd5020d35b18948c23d59ea7", "sha1": "72291b424fb1519e4d8e1c78d52a622d90782fc2", "md5": "ff1c4bfbcc38791bdc13dc8c7d3c6519" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector-native-min.js", "sha256": "712db9ebd38483d9ee5fbaa6680f1f6873df158ebd5020d35b18948c23d59ea7", "sha1": "72291b424fb1519e4d8e1c78d52a622d90782fc2", "md5": "ff1c4bfbcc38791bdc13dc8c7d3c6519" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/visualchars/plugin.min.js", "md5": "eb356ff4f273a544b6d546eb674dc165", "sha1": "474a3cf0a60c82a868cdf2a2e5408b6c2d7a0a73", "sha256": "3a1fe46529fdd734ff01e10195a4ceb8907e28e615a91d81eac2f555ec475a77", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_fi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_fi.js", "md5": "de9174f95602689b474f2d7ee3cf084c", "sha1": "8fba397ca94ae881587f5cd34d6c4bbb4a04bbbb", "sha256": "7a1619f3fe6756202307b2c64b9052f681d866e501024a11cafb07087f02e016", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/visualblocks/plugin.js", "md5": "fc9368da4204f688cbfa2e57eab2f8d6", "sha1": "43d423b9546389ef91c395c98f69c7953e43b371", "sha256": "87c8403668c1f49a9d738d04f011df7a993456c356736f1c1e0b29b4059df11e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "installCommon.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/installCommon.js", "md5": "36582fd2943ef3fb7c547d5b28a5aec1", "sha1": "801e816d079dabf8adaeb507a28d62cd6987c42f", "sha256": "61fb6bb02c3649c26afa396db96080e85b33dea1222d65fa6f8f023495674c1f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-constrain-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-constrain-min.js", "md5": "3d902627262890f2dd934f840af19cdb", "sha1": "ed99912c8c3a16caaaf8c7105238bef1e87b1646", "sha256": "960b6436590b738da56b994583a6e2382ddf17e6835c80016cf6fa0e41b2a9bd", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-constrain-min.js", "sha256": "960b6436590b738da56b994583a6e2382ddf17e6835c80016cf6fa0e41b2a9bd", "sha1": "ed99912c8c3a16caaaf8c7105238bef1e87b1646", "md5": "3d902627262890f2dd934f840af19cdb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-constrain.js", "sha256": "960b6436590b738da56b994583a6e2382ddf17e6835c80016cf6fa0e41b2a9bd", "sha1": "ed99912c8c3a16caaaf8c7105238bef1e87b1646", "md5": "3d902627262890f2dd934f840af19cdb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-base-ie-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-base-ie-min.js", "md5": "bc5bb16c80f45ec90859aa9c1c3f86bc", "sha1": "e0548effd24686d27c1995f1406e0dafef3a8146", "sha256": "804e0ccacb3d1003dbafdf51fa2d8c02c97b77a3184a384fde70dd81e648d3bb", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-base-ie-min.js", "sha256": "804e0ccacb3d1003dbafdf51fa2d8c02c97b77a3184a384fde70dd81e648d3bb", "sha1": "e0548effd24686d27c1995f1406e0dafef3a8146", "md5": "bc5bb16c80f45ec90859aa9c1c3f86bc" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-base-ie.js", "sha256": "804e0ccacb3d1003dbafdf51fa2d8c02c97b77a3184a384fde70dd81e648d3bb", "sha1": "e0548effd24686d27c1995f1406e0dafef3a8146", "md5": "bc5bb16c80f45ec90859aa9c1c3f86bc" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ja.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ja.js", "md5": "c86a7818ac4f5f305d94e0ea7a7755c2", "sha1": "8bbcc7f008e1f406c3d5907d1fb5b9591eebc6f4", "sha256": "772eaf71b6ea04575fe855ffa2d7d66b63e8d0e1fde8d2b2e38d61538b7ba595", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-flick-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node-flick/node-flick-min.js", "md5": "f9dd98e7bacb7c109a575a9c8a332a2a", "sha1": "4c97112e3068c2fe49b04347ccbf5838e0cc2279", "sha256": "bb6169bd0b6578b35cecf42bb1d1d6c7fd5b7cf3fba33d70cb6f25a48032c095", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node-flick/node-flick.js", "sha256": "bb6169bd0b6578b35cecf42bb1d1d6c7fd5b7cf3fba33d70cb6f25a48032c095", "sha1": "4c97112e3068c2fe49b04347ccbf5838e0cc2279", "md5": "f9dd98e7bacb7c109a575a9c8a332a2a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node-flick/node-flick-min.js", "sha256": "bb6169bd0b6578b35cecf42bb1d1d6c7fd5b7cf3fba33d70cb6f25a48032c095", "sha1": "4c97112e3068c2fe49b04347ccbf5838e0cc2279", "md5": "f9dd98e7bacb7c109a575a9c8a332a2a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/codesample/plugin.min.js", "md5": "5b0a0558fbd87567e90c105d6c5361a4", "sha1": "cad1959cbc63fc52f7113807f10915ccf6bc49d4", "sha256": "988bc797ba972da1ebd35782d240f1db227cee990c6ef92ab478d395207b8ec4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_nl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_nl.js", "md5": "d2c2a349917dba3b7654ac16add0ef31", "sha1": "77d77d7999de8e195c6628b539fd9563a722a64c", "sha256": "8aa029d096720fce0179748cd22178f0af837be0e7d901436457cafd3deb668d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yuiloader-dom-event.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yuiloader-dom-event/yuiloader-dom-event.js", "md5": "3100b6cede715bd8186ff4689ee6f4d0", "sha1": "03ed8048475e45a35c297a129bdd4bcff6a16eb0", "sha256": "f95dc90dfda76094795137c30c1df09ab4bec09714139b17e696a5ef2585ceb5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_sv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_sv.js", "md5": "74863ee2488a87cca2bb2f996f028303", "sha1": "ba12e3de002fbc1639d8a5865202d345f7b6cd6e", "sha256": "f5155067de08fc92ead229e9922b16bfaffed07dc571b4d87a2c70cd3a42186b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "querystring-stringify-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-stringify-min.js", "md5": "7966fb5c6e2dd42332dbd115c4480c58", "sha1": "4163e03ccc1b32ba4e08359521c20ad8e6ee72d1", "sha256": "6a7a9019bf1f75e7e1989c5d8426acc33384559bfd244a53330ed377f6e0d544", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-stringify-min.js", "sha256": "6a7a9019bf1f75e7e1989c5d8426acc33384559bfd244a53330ed377f6e0d544", "sha1": "4163e03ccc1b32ba4e08359521c20ad8e6ee72d1", "md5": "7966fb5c6e2dd42332dbd115c4480c58" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-stringify.js", "sha256": "6a7a9019bf1f75e7e1989c5d8426acc33384559bfd244a53330ed377f6e0d544", "sha1": "4163e03ccc1b32ba4e08359521c20ad8e6ee72d1", "md5": "7966fb5c6e2dd42332dbd115c4480c58" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-io.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-io.js", "md5": "bc5537bb8f6b4af3c1cadbe7b2c76a40", "sha1": "8a2903a32ac8ad0e6ee22d3e255c18eaacd96ee2", "sha256": "439a1f48c3a6d82976797a9c657e3721c066b377b603cc58ec5813dc5751cd67", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/charmap/plugin.js", "md5": "8a7931011935fc826805265b3228c616", "sha1": "0e2a4962fb3ae1c746ffc0e234e8d62f4e7d8925", "sha256": "c38b4585c6f75972d11286b40fadbf9e2ed6839da396aa0efd05b0fc8fbaa48b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_template.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/editor_template.js", "md5": "3ae55e8c6d39407dcdfa5ab8428f91a1", "sha1": "988cf03c1f161bb56af70e8883e98d900e9e41e1", "sha256": "9311a9f034b245dab6183e292ad5317a726b2251be774512707a2326d8a90bc5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date.js", "md5": "0ae8c9a3f4c91fef3027d6d689e6a611", "sha1": "bf580ecf043867da4ef4f622ff93aa235934330f", "sha256": "65b3370c615ccc9eda0292198be3f47656a903b34365ce6db3cbbac1ef0e65d2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-base-ie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-base-ie.js", "md5": "41b95e8554c987cbc443cedf8cd5d5dd", "sha1": "9590acf687d405faf3ee7ef4699da493c0ad7a85", "sha256": "16516fcf0f1ef2bb6c0c363d925bc89c62bb6ab79e962effc6b3fd016e70ce92", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history-hash-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-hash-min.js", "md5": "eedb52dd7b38eea2d5a5ebe8d46db420", "sha1": "8da33bd772d8cb9dadacef3662f589c33d1ab4d9", "sha256": "e9c1a7e0caef89cbeb29e84b4b20737560e4c0da1d569f3377398e680da7c724", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-hash.js", "sha256": "e9c1a7e0caef89cbeb29e84b4b20737560e4c0da1d569f3377398e680da7c724", "sha1": "8da33bd772d8cb9dadacef3662f589c33d1ab4d9", "md5": "eedb52dd7b38eea2d5a5ebe8d46db420" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-hash-min.js", "sha256": "e9c1a7e0caef89cbeb29e84b4b20737560e4c0da1d569f3377398e680da7c724", "sha1": "8da33bd772d8cb9dadacef3662f589c33d1ab4d9", "md5": "eedb52dd7b38eea2d5a5ebe8d46db420" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarFieldCronSchedule.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/CronSchedule/SugarFieldCronSchedule.js", "md5": "af77a1f9447ebb9ec392201746642976", "sha1": "09ef06233ac40bbe6451a6b884ca45744bafae2b", "sha256": "ad524ac4daa29abd1200b05bcf22a1ce083ac68594b8b2a49fbec7a9f68e501f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-get.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-get.js", "md5": "3076bf4eb92d694fd611569aaa3b48cc", "sha1": "1bbdb57d14ea7c24649093374c4d77fae82ffdd2", "sha256": "0cf2dabae50668b2730dd6af3652488392af94aa2ab00720dd0673e6a2586100", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-arrayschema-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-arrayschema-min.js", "md5": "90bb6d463f75967b4d53def71e42b228", "sha1": "2f077dabc59c97c810692812e76592ef2f6bcd72", "sha256": "e8fc7128275dbdc32b2fab9160bbf22e864bc84912303a8c7af0bb1407319be0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-arrayschema-min.js", "sha256": "e8fc7128275dbdc32b2fab9160bbf22e864bc84912303a8c7af0bb1407319be0", "sha1": "2f077dabc59c97c810692812e76592ef2f6bcd72", "md5": "90bb6d463f75967b4d53def71e42b228" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-arrayschema.js", "sha256": "e8fc7128275dbdc32b2fab9160bbf22e864bc84912303a8c7af0bb1407319be0", "sha1": "2f077dabc59c97c810692812e76592ef2f6bcd72", "md5": "90bb6d463f75967b4d53def71e42b228" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dial.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dial/lang/dial.js", "md5": "ae5294a382e8dcdbf7c64164dde581d7", "sha1": "bb68836b41f605f0b7784fb845e1fedafb7b3497", "sha256": "c93d8cecf1a6e5ee16d6a01479e6937040bb1cf646cf9c73dd80485cd27f64a4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/directionality/plugin.min.js", "md5": "60de57253ca9143a6f1e4aff10fc39d2", "sha1": "26131f3f28f9f931e9ea0a8e5f1ef007706f3fc4", "sha256": "fa1798550b63291ccc9bb67dbc71e857991eacbfb18095458e992d6316b714a8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "scrollview-paginator.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-paginator.js", "md5": "0e9e0019fd0fecd758f6bdf9d4fc7718", "sha1": "9915d5f804dfc1354915659abdedb55509feefd5", "sha256": "23b663de6d7bee78b787a1c176135818a1a50390b8cfc08f3b7300ebde4c3e8c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "element-delegate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/element-delegate/element-delegate.js", "md5": "5abc37b914ac7988766819f261481d4f", "sha1": "2ed4fdcd45ec2fa49dd64d006beca24fe7309839", "sha256": "dcc09c54f9ffc27c016ebd00b6429076bf756eaeca60e858ff75e772792bdac5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-base-min.js", "md5": "e8f8280bc1a35ff148f2b18686fd6a59", "sha1": "86e728783d996ea7fe6a838148ea94ec73760ad3", "sha256": "2a7f6b24e93d7355781c3916b7a25cffe44423fe9b92ed49ad8e5ba13b0f6528", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-base-min.js", "sha256": "2a7f6b24e93d7355781c3916b7a25cffe44423fe9b92ed49ad8e5ba13b0f6528", "sha1": "86e728783d996ea7fe6a838148ea94ec73760ad3", "md5": "e8f8280bc1a35ff148f2b18686fd6a59" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-base.js", "sha256": "2a7f6b24e93d7355781c3916b7a25cffe44423fe9b92ed49ad8e5ba13b0f6528", "sha1": "86e728783d996ea7fe6a838148ea94ec73760ad3", "md5": "e8f8280bc1a35ff148f2b18686fd6a59" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/pl.js", "md5": "7df3c3893bde07c80a280435e38f5777", "sha1": "8dff02e39081206f5c2dcc1d4b5f9941c6da6438", "sha256": "b58478c37c8a403e4c8125bbfcd79069ae980d8681b7d287bd75f224cd2cde9f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-AU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-AU.js", "md5": "96e6d776b73b404f044bcc2b2e69bce5", "sha1": "ba8a7bbbfcf185b4c190cbea323e20dbe2dfa396", "sha256": "07938224ec5b23fa7d9d90f41725a69981f4e8a058c34b5e5978cafd6a49782c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yui-throttle-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-throttle-min.js", "md5": "7f0de24c35cdfdb1126b4424219b9ac8", "sha1": "cf5a1bb5942c56f157ba572af426dfebd8767f4c", "sha256": "a36792bbb5aa2470e001c70ceebc1fa8950354be77a6f1563b4fff497c2707c5", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-throttle.js", "sha256": "a36792bbb5aa2470e001c70ceebc1fa8950354be77a6f1563b4fff497c2707c5", "sha1": "cf5a1bb5942c56f157ba572af426dfebd8767f4c", "md5": "7f0de24c35cdfdb1126b4424219b9ac8" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-throttle-min.js", "sha256": "a36792bbb5aa2470e001c70ceebc1fa8950354be77a6f1563b4fff497c2707c5", "sha1": "cf5a1bb5942c56f157ba572af426dfebd8767f4c", "md5": "7f0de24c35cdfdb1126b4424219b9ac8" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "escape.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/escape/escape.js", "md5": "73d6f7b50a316da1ae1dbfb3d5a4dfa0", "sha1": "a4c84f4f0eda9a91147ba93a252fdef3f0716b57", "sha256": "325ffe6c5ee5ad6f0ed291ffa05d5593b66dcb68ebe43a3324b08419b6fa538b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/sr.js", "md5": "7a5e8d4babfc72069736a35d94aa0a24", "sha1": "fd98daad0841f34876c59def17686a5491e7ef46", "sha256": "421bf3f362b0e7bc94e8d0ad63dee467ac738da59f8e87403de0e2ac982f4cdc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "uk.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/uk.js", "md5": "2519a2bacd3b9166f2a6fa94eb848491", "sha1": "19a84c6b101785e1759874310dc64535bf3d3485", "sha256": "54014b0125391fae0b99d6bdc0a5be2d27eaf46c938375d343dbfe88690d91c2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-MX.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-MX.js", "md5": "f095b8b40330cc0f047f427c90b1e449", "sha1": "e9f4482c6219423ca2c24e728c659954fb3e5871", "sha256": "c15d73fead1232d7a86872761676642a34710f8b5994032ad2b896c0f9f0d95f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cookie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/cookie/cookie.js", "md5": "2127ec3263664e6bad3444aaac7c0896", "sha1": "cdc80c05343a67c2019ed354936b967414242fc0", "sha256": "76e2cd880d55fbc5829fee2fd8120f6616814ae87d0feebd8e5fd1d7a5724bfe", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-base-min.js", "md5": "cccb97f8ab2f4ef1de132ab3ae6f3692", "sha1": "2549d8781e1fef04945d42f9cf939e75f81b6b36", "sha256": "85e3155ae0f50e80e06385889ac49a5697ecc8c107967bc453799d6f9f3d5ed4", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-base.js", "sha256": "85e3155ae0f50e80e06385889ac49a5697ecc8c107967bc453799d6f9f3d5ed4", "sha1": "2549d8781e1fef04945d42f9cf939e75f81b6b36", "md5": "cccb97f8ab2f4ef1de132ab3ae6f3692" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-base-min.js", "sha256": "85e3155ae0f50e80e06385889ac49a5697ecc8c107967bc453799d6f9f3d5ed4", "sha1": "2549d8781e1fef04945d42f9cf939e75f81b6b36", "md5": "cccb97f8ab2f4ef1de132ab3ae6f3692" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cache.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache.js", "md5": "1245952f5374f16fa549c8030396eb77", "sha1": "d8fb7c4cdcacdd3aac05534894f1d809aa7882f0", "sha256": "b2fc581345d90c62005a76c8ba0718e1322f0588397e0f59ffbdc625135b65ff", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "PasswordRequirementBox.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Users/PasswordRequirementBox.js", "md5": "ffefdaf9c4ba9696d38c9a66971c1f2f", "sha1": "d498339da75640364f3b62f5542f94e1e81909dc", "sha256": "36800cf0c16cdee009e699f69b9ed2d2d028a0981de7eeeca76be4bd829d0d00", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/it.js", "md5": "ec90bd879336f5c95e7fc35b2c05783d", "sha1": "b24aa6216e3aeb2bb06faf298cfb398cc3c3c83f", "sha256": "6cb00bc0738ce511dd8090173b680aa044dc83074ababd76afdc3b4c917a49b2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "recordset-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-base.js", "md5": "74ec1d34d1ba86eb52aa558ed45ea73b", "sha1": "efe95856b915806e97a63fce032efd8e19618698", "sha256": "11de91253525db09b1433266b985753a837014f79d533b020abf0ef903d39e1e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-base-min.js", "sha256": "11de91253525db09b1433266b985753a837014f79d533b020abf0ef903d39e1e", "sha1": "efe95856b915806e97a63fce032efd8e19618698", "md5": "74ec1d34d1ba86eb52aa558ed45ea73b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-base-min.js", "sha256": "11de91253525db09b1433266b985753a837014f79d533b020abf0ef903d39e1e", "sha1": "efe95856b915806e97a63fce032efd8e19618698", "md5": "74ec1d34d1ba86eb52aa558ed45ea73b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "emotions.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/emotions/js/emotions.js", "md5": "4e3883c58196bee66a6a5f27b62ffb5e", "sha1": "2fcd7d602634ab81cc2d23c612b48c8ddf9815d2", "sha256": "dbc6211b66986ac18d70e42a339d10b6d81a488bec0680ffcaed30ce6477135d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "recordset-sort-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-sort-min.js", "md5": "fd4f2bf381c08df914983e8965e6b075", "sha1": "1aa4ae939f9f8b420a2ebc2dc910513fd1c07f67", "sha256": "83933723cad706b6613aa0a9c83802d4e17435cf036597bcc0ae28ae107e0c8e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-sort-min.js", "sha256": "83933723cad706b6613aa0a9c83802d4e17435cf036597bcc0ae28ae107e0c8e", "sha1": "1aa4ae939f9f8b420a2ebc2dc910513fd1c07f67", "md5": "fd4f2bf381c08df914983e8965e6b075" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-sort.js", "sha256": "83933723cad706b6613aa0a9c83802d4e17435cf036597bcc0ae28ae107e0c8e", "sha1": "1aa4ae939f9f8b420a2ebc2dc910513fd1c07f67", "md5": "fd4f2bf381c08df914983e8965e6b075" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-hover.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-hover.js", "md5": "5ce02e08344cee7bed32d277b1bd6112", "sha1": "908fefedb3c896aa54f51199e6622c0e3e54fe46", "sha256": "9bcfec065605e2f428d431d93d6014df5135dfacefcff9b81b1c3cb2beff4053", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "hr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/hr.js", "md5": "a42edb7ef89ff63c440aaac803018a05", "sha1": "c8dfaf2da7b0241b847917052a707e1457191406", "sha256": "db5f835276c8b660a8856b77732d7ee740e738f2f3c28d3e9d708331ec9ae190", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-EC.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-EC.js", "md5": "ad16dc602ca431ea34c0e9510489f6fd", "sha1": "cd6ab8d4c482391c11d6e10be2f6354bf381f94c", "sha256": "bca66b0f95c2542f6e16234aef51a09b8b5e3ec0e74757dd57fe5bcbeb6a5b72", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "pluginhost.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost.js", "md5": "a48942b391889afb732550e63cc2510f", "sha1": "b7d42b480a4174046491db44edd5c98401ed3922", "sha256": "f50e608ab5d403226225b9c206ea7fadf270ab6cc4230014eeb26db301ec26c7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost-min.js", "sha256": "f50e608ab5d403226225b9c206ea7fadf270ab6cc4230014eeb26db301ec26c7", "sha1": "b7d42b480a4174046491db44edd5c98401ed3922", "md5": "a48942b391889afb732550e63cc2510f" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/pluginhost/pluginhost-min.js", "sha256": "f50e608ab5d403226225b9c206ea7fadf270ab6cc4230014eeb26db301ec26c7", "sha1": "b7d42b480a4174046491db44edd5c98401ed3922", "md5": "a48942b391889afb732550e63cc2510f" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "EditView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Currencies/EditView.js", "md5": "efa66d38015bd46da5d9e92dd8b6e479", "sha1": "00c46903e466f84297e31f1a3aa366ff3d11d22d", "sha256": "99f94a5822e34d9cfeff2de24fdd031e4ffca2d0bc03f58087b097d7c4ccc9de", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "container_core-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/container/container_core-min.js", "md5": "5bf155a377e70c282eda1d96aaabdb37", "sha1": "7505333a430e7d2241f6b94ae83be9c7587e47d5", "sha256": "4471c7bbc525ab23022081967a8e973cadd242e6cbf4786286fe2fabc3e726e5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "profiler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/profiler/profiler.js", "md5": "04739371725e37922a446b6d587e069b", "sha1": "f0772168ec1b137e3ed56bcf6ff175a9d2783f6a", "sha256": "a0b5c75c4f0799bf676a25e1ec5348a325c60009f8baedfcc61384accb031021", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "connection_core.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/connection/connection_core.js", "md5": "12614cc8983cf4703650f25b4003d4f5", "sha1": "5c596b9b5880f1c60ec263e23e4f61564bcbfa96", "sha256": "4ad3c7b6ca943804641521557c4acd47f8f8b617cbbd9f8268808e3b1e4f6f9d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dial.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dial/dial.js", "md5": "5055d2987f9c503bb9dc79f6c4df2988", "sha1": "8d72612a6777bf2a8d3c3d4915fc56f5b3a7024c", "sha256": "f4246ed0f6cccb8c0ecee00080c0cad7890487edfcf658a26616b5ec0e2d6296", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.bar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.bar.js", "md5": "4fc0678caba7e571e9e65d673fb73add", "sha1": "cca3cb63204b2c55e8aee373f55c5aa210b19b83", "sha256": "077e85dc1bf6e4b7a22ffd07983103070634ca6a5baf495065ce7cbc5bb01991", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "anim-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-base-min.js", "md5": "6d538bd720e4e2fd02c88cd3e4d40b80", "sha1": "308a925c68d3502261e671d11e57d93f05538cd4", "sha256": "96d975e94cb9d10efc05b040b2aa25edcd2b8c9738686b9e6279f3d28e95a1ed", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-base-min.js", "sha256": "96d975e94cb9d10efc05b040b2aa25edcd2b8c9738686b9e6279f3d28e95a1ed", "sha1": "308a925c68d3502261e671d11e57d93f05538cd4", "md5": "6d538bd720e4e2fd02c88cd3e4d40b80" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-base.js", "sha256": "96d975e94cb9d10efc05b040b2aa25edcd2b8c9738686b9e6279f3d28e95a1ed", "sha1": "308a925c68d3502261e671d11e57d93f05538cd4", "md5": "6d538bd720e4e2fd02c88cd3e4d40b80" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "rule.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advhr/js/rule.js", "md5": "2fa441f1684a33d3ea89bb31cdea1ba5", "sha1": "ad8b919ea8b8143d85a826a39b0008fa146f3f78", "sha256": "b37b50221c50cb576b196096da7ef3acba2078253775a5ee554cd95a1a831a85", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-base.js", "md5": "3a84b319c49bd881b17fd48caf267192", "sha1": "a586152401a6c81d2b202e6e11f44af7058b7607", "sha256": "55a468e7ac9a4012a8aba6010ab7bbda325b1697cd7d7de5f7c270a9a6726ec8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/inlinepopups/editor_plugin.js", "md5": "db32751b98f40ca6eee24efc848d6cbb", "sha1": "8b255eb6f5418410e596ee8c977f0afa916c3f98", "sha256": "5d9b4bc1fde4ebf7cf5728a40b95ca1bd159288f0938098a12cc26b60029ff02", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-xdr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-xdr.js", "md5": "d61b2880288291ea79c6a5c326e1abe5", "sha1": "94a545ee99618113208594b7604536461dde6511", "sha256": "efe10982d72e225fa0c88e3d7d75c9c33e61134d6ab0d8220c9e142dd2ab3e99", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-xdr-min.js", "sha256": "efe10982d72e225fa0c88e3d7d75c9c33e61134d6ab0d8220c9e142dd2ab3e99", "sha1": "94a545ee99618113208594b7604536461dde6511", "md5": "d61b2880288291ea79c6a5c326e1abe5" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-xdr-min.js", "sha256": "efe10982d72e225fa0c88e3d7d75c9c33e61134d6ab0d8220c9e142dd2ab3e99", "sha1": "94a545ee99618113208594b7604536461dde6511", "md5": "d61b2880288291ea79c6a5c326e1abe5" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SubPanel.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SubPanel/SubPanel.js", "md5": "618e95f14a83813efb3b30142d1542af", "sha1": "0dab0d28bca9cbf6483b3297aed47670da6b9fb7", "sha256": "e0760172f5b57b6bc2fc50eef3f0648613a047228d7cafafa76ad4a0924e28f1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ms.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ms.js", "md5": "222425e7c877b978b9b0698e93fa6778", "sha1": "e0f7e17a78e1510877c2a6854a7f8b6e33c1c11b", "sha256": "9c9181f9f94bcece13eceaac1193f8b559a954b2641358aec465376f2aec1d8f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-load.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-load.js", "md5": "f27f5771a9b0b363c1934b9468ccc6cc", "sha1": "e9844d89cd323a6f5de802dfc0b942791b93bff4", "sha256": "1f096877c5d840988f2fb5b43540e98b45d37209db1ccee6ddd7038ae43926c1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/autoresize/editor_plugin.js", "md5": "adf5cbe96119e3ed9ab4a86ba26405e7", "sha1": "4bda14563ee18d9c958241467c6893c410172cb9", "sha256": "418dd95a8780d162a068477549b43b8797de824ca69aedcf1a8ca5427663f034", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "progress.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/sandbox/progress/progress.js", "md5": "93fc15f457593b107a23889204e8e4a3", "sha1": "3b7ac69e23ae4c25711e11d0b56a875bd2d627ea", "sha256": "b554a0711f072b7562574ab04d55d4566adbb95c4be148915b06c80b56a2f80d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-anim-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget-anim/widget-anim-min.js", "md5": "659d52dbdd59ab073398ab0b66b0b4e9", "sha1": "79193867c3ee7cdab915de93949bf987249f036a", "sha256": "88330ed8aaff2d7c5e8f2afc3c4792331ab4cd100ec618cde2edf5f42a93111e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget-anim/widget-anim-min.js", "sha256": "88330ed8aaff2d7c5e8f2afc3c4792331ab4cd100ec618cde2edf5f42a93111e", "sha1": "79193867c3ee7cdab915de93949bf987249f036a", "md5": "659d52dbdd59ab073398ab0b66b0b4e9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget-anim/widget-anim.js", "sha256": "88330ed8aaff2d7c5e8f2afc3c4792331ab4cd100ec618cde2edf5f42a93111e", "sha1": "79193867c3ee7cdab915de93949bf987249f036a", "md5": "659d52dbdd59ab073398ab0b66b0b4e9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "element_common.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/js/element_common.js", "md5": "7821e436f23c6f22f171c1c857e5f70b", "sha1": "fb19893c26508f6eb4a9562cbc5f1cbbd10a9606", "sha256": "8f6fdf155ebd33d5525fdbede90a037933ce8f9330156ba56a96077ff414d07f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cs.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/cs.js", "md5": "254aeab79f3f43b3c849a391107ad66d", "sha1": "051f50fe330d0c0ce1ef12073462d2396f98474f", "sha256": "547c67a1de2c8e0cd99c3ad002492c7578d2b903b90062f2f312d7855c77c5cd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "logger.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/logger/logger.js", "md5": "46928d74c8fc2d1f19d79626c778df2c", "sha1": "f35648a2d81ba88f71619de88ed55ae369882365", "sha256": "7efa8c09fcd172d9783d8369e70a48e16d71bb97144242fd54535e90132c5c33", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ar.js", "md5": "0182f93fc7fed781585527b4a47aae96", "sha1": "dc76e8d9b6dabafc257380efa7d3d966d55bde2c", "sha256": "bf86f0a50238ac61e1562353b1c5f2339a791172823321fd044c45ba70cb6325", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-filters.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-filters.js", "md5": "b69c5f9cf92a954fef4ae4e5e26ea9b1", "sha1": "0aee4b6ff3ff0900c22bc5705d66879358154b98", "sha256": "8c7e934b20e08773091e72f9b0fdf2a8fb41febed34de2f9720f6e1eba624868", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/el.js", "md5": "d23d8ebd79c901ef51c8da7f9d6cf909", "sha1": "3fd61bc7983f0c7ab242f3a1ff0d29163223a6c0", "sha256": "fbdbdc4ccc91e64f68fbab8c70ebb12c23ddadaa4e7983009c2a30b95aed0908", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_hi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_hi.js", "md5": "3734484543770e8ef6f8090ae5f5aa54", "sha1": "cc7aa36e1d9b44a727a4aa640c291743d5c2de0d", "sha256": "ab345e4bfc27c046b92b5a4a557c624cba86e7ac00c4d35dee97cc01360602b9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jstree.massload.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.massload.js", "md5": "e400938c20acfa5cae355ac5b688a531", "sha1": "b9d1bfc25f0129e05a991a90da6816ccdb98ffc8", "sha256": "98e6a8b1f35d1d1f635d352deceecc69dbb4c6ace009fc3bd18176678ab2ad35", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_pt-BR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_pt-BR.js", "md5": "39a8e774ed504155a13d04b4ce023cbe", "sha1": "e8bf06236460edb112635f301667ea925985e613", "sha256": "e2f77eb41086a86e44c4f674ea4850c04dd2ff8726fb0b55028b0a78ad66e169", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "scripts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Administration/Search/ElasticSearch/scripts.js", "md5": "9ace0e58ad869767682c11975f4ca8e7", "sha1": "f02d42687da71d31cdfae31b29313605fd2e1fb2", "sha256": "8bff118db55cf806564fb8df313ecb62f6e8a7a58300aa5c7223aa37cca76d13", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yui-later.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-later.js", "md5": "3f199976e4f1dceec75f1e4d5331e0b6", "sha1": "0606891321821f00506b7a863247c0f356ef8e7f", "sha256": "765724daecfdae3ec58db7a0a9a574e8885b62200fae0a4771dbbd568903c8e3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-later-min.js", "sha256": "765724daecfdae3ec58db7a0a9a574e8885b62200fae0a4771dbbd568903c8e3", "sha1": "0606891321821f00506b7a863247c0f356ef8e7f", "md5": "3f199976e4f1dceec75f1e4d5331e0b6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-later-min.js", "sha256": "765724daecfdae3ec58db7a0a9a574e8885b62200fae0a4771dbbd568903c8e3", "sha1": "0606891321821f00506b7a863247c0f356ef8e7f", "md5": "3f199976e4f1dceec75f1e4d5331e0b6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advimage/editor_plugin.js", "md5": "8af1f904909820d132bc0cbeb6469130", "sha1": "3e8d0e096aa54f43c450b711525c4f7e0cfd6bd0", "sha256": "1c5c697cbb315db72a80c5ae2c5938742233ca2d83ff8606cff06e14c6d497af", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ko.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ko.js", "md5": "8ee98719e4b067a840c327e70e8e2d62", "sha1": "4559d266ac5bf5c26df04c0df1f8e3ba03ec61fa", "sha256": "a56b650ba04f0e84ddbc88a219acef2d0c010027c613bb05879f2b4f19f7fdf7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "text-data-wordbreak-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-data-wordbreak-min.js", "md5": "db5129bc3898b7c2eb184961b2a05c4b", "sha1": "339d70dc2e697a599cd09165513d79df12bf171e", "sha256": "575452aa572e51fa20a2beb34639f0fa966a8be3da43e117d6ea28c1de9b7ddc", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-data-wordbreak-min.js", "sha256": "575452aa572e51fa20a2beb34639f0fa966a8be3da43e117d6ea28c1de9b7ddc", "sha1": "339d70dc2e697a599cd09165513d79df12bf171e", "md5": "db5129bc3898b7c2eb184961b2a05c4b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-data-wordbreak.js", "sha256": "575452aa572e51fa20a2beb34639f0fa966a8be3da43e117d6ea28c1de9b7ddc", "sha1": "339d70dc2e697a599cd09165513d79df12bf171e", "md5": "db5129bc3898b7c2eb184961b2a05c4b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-menunav-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node-menunav/node-menunav-min.js", "md5": "2bc2b9eebe9400acc4f7e090d11913a6", "sha1": "156e9f36cc9efd138aaff1a96d2d423f466cc744", "sha256": "24a583879295de302b3307275d00662cc0d6c85cfa9df4e190ca1a28e04c4202", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node-menunav/node-menunav.js", "sha256": "24a583879295de302b3307275d00662cc0d6c85cfa9df4e190ca1a28e04c4202", "sha1": "156e9f36cc9efd138aaff1a96d2d423f466cc744", "md5": "2bc2b9eebe9400acc4f7e090d11913a6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node-menunav/node-menunav-min.js", "sha256": "24a583879295de302b3307275d00662cc0d6c85cfa9df4e190ca1a28e04c4202", "sha1": "156e9f36cc9efd138aaff1a96d2d423f466cc744", "md5": "2bc2b9eebe9400acc4f7e090d11913a6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/textpattern/plugin.min.js", "md5": "f3413b95cbfa2817c3de7b02e17743ca", "sha1": "23a05dded8934205e5fee6e705172f5d624d8a22", "sha256": "3baa5bc3db6aaddb2e975e52fb6d038089a32a100ee158538e7560a233fecf5b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ygDDListStudio.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Studio/ygDDListStudio.js", "md5": "841582ac985f136ba2b4d399d0c8dc80", "sha1": "02dc4051d50745de2745e464b2b09fb86f4123cb", "sha256": "157b3369cb314159c845118749fb8562324dd52d8309916166cbb575b09f7ff1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-delegate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-delegate.js", "md5": "7747e11d4abee85b487ef69eff5a2c32", "sha1": "2fc2cb909f9566df1c2928955717637ee1282f7d", "sha256": "926d08b5af088a90679cd90b35402dc60b6d993bcd3f2a9036fe9100b0b7ea86", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-PY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-PY.js", "md5": "edcf5cf882aa46023f71880a52dcdbc4", "sha1": "43e83d1c6841a16e127de7213ddaa0bc91a58fcb", "sha256": "fd7f5bd0fbf63fe28d9efcbab5d2e4773e829023e2529ba33db71d2051660dd0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "recordset-filter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-filter.js", "md5": "83bc157e818482fe597a3193cbd02661", "sha1": "a6d0973383445a89a3da3c0dd3d4f077a45481d9", "sha256": "d2265c0daa8f52b3c63cb02df581ba11233a7203081e382475445780c3a74a42", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-filter-min.js", "sha256": "d2265c0daa8f52b3c63cb02df581ba11233a7203081e382475445780c3a74a42", "sha1": "a6d0973383445a89a3da3c0dd3d4f077a45481d9", "md5": "83bc157e818482fe597a3193cbd02661" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-filter-min.js", "sha256": "d2265c0daa8f52b3c63cb02df581ba11233a7203081e382475445780c3a74a42", "sha1": "a6d0973383445a89a3da3c0dd3d4f077a45481d9", "md5": "83bc157e818482fe597a3193cbd02661" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.cookie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.cookie.js", "md5": "34259e1b3697ec38ec1ad00f29c64305", "sha1": "351604db63ee52e784bbbbaa1f9d77c73620972f", "sha256": "5dcc1f650548dab92380f10aee2a8c4c878ece063b5d4201c1205b3a343f9a8b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "pt-br.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/pt-br.js", "md5": "d174df7d355845fd6b1ea10746e577ff", "sha1": "b09644f4d0798a8dcef29f84b9f8d68177d4813d", "sha256": "367c44e51fcd54f278745542e8486e9b41b4663013befd62888de1721a6a2b3c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "swf.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/swf/swf.js", "md5": "6ab7c83977680ed21326808a1eda8874", "sha1": "baec1c4e7088347f8a638ae41e5b65a8b8feb945", "sha256": "2e98a6e357c333c3ea3d78d9825bf488eeb4129e47dac15b3247876e2fd7df39", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/print/editor_plugin.js", "md5": "53eb1da78f727ee8337671fb86354c17", "sha1": "3ee07adb2817f8b0dbfc0345ff96c5f67deafed5", "sha256": "5a76c9d6c65468a7e0d90f849708a9e139e1cba66d4bafea022d3c3595833057", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_pt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_pt.js", "md5": "eebe23868e2fdcef7117d0fff9fa7736", "sha1": "043a4b088d2c2c45008434211cb823e36feb7e7f", "sha256": "2336c935ed0fd7cd049deeffba06378d84c4d05f4086215249384241b6e20cb6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SimpleList.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/SimpleList.js", "md5": "5b24e05531c646a8eab12eef33bafd33", "sha1": "2a4b98cad7f5ce9660ef3bf19144992db3e9f9b2", "sha256": "23c4a7331220aa78f89021f17b1d6b76d6170f18c11b667111e74d5790ad4fda", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-min.js", "md5": "88b793519f7b170cac88949edee1e07c", "sha1": "d1deb84e1f5a651147e9815f7cb0226c682c859e", "sha256": "5d160468f6448f961f9fae793d67558007fa5a79c17c82890a2c5adb3e67ee47", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-min.js", "sha256": "5d160468f6448f961f9fae793d67558007fa5a79c17c82890a2c5adb3e67ee47", "sha1": "d1deb84e1f5a651147e9815f7cb0226c682c859e", "md5": "88b793519f7b170cac88949edee1e07c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype.js", "sha256": "5d160468f6448f961f9fae793d67558007fa5a79c17c82890a2c5adb3e67ee47", "sha1": "d1deb84e1f5a651147e9815f7cb0226c682c859e", "md5": "88b793519f7b170cac88949edee1e07c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.dynamic.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.dynamic.js", "md5": "affcd1244a8468db1463f66079a96458", "sha1": "b8f1a4d12fd7f355e2bd4ea2923b015d56725843", "sha256": "f2bed43db03b258f91cb40a46563369f75c7ac23a91904b621909505ea56e131", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "connection-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/connection/connection-min.js", "md5": "3834444825ca139c250b529948a6ca84", "sha1": "291d3cbc61014688dac3f636b20ea7ec1cf3f04a", "sha256": "9c1a5b335b11ff9ae7de188bc8408c138f6a6614eb0eb037c5da9040f85907b7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "import.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/DetailView/import.js", "md5": "2520b3f5a4d52e3e42ae941df6d2adc5", "sha1": "a74d56a7e0095829337d49c7e1150912fbd5bb44", "sha256": "31453f10e10c57a6ebd8ee48bf9f0a8f9be2be1407f05dc8af47138179726b8e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "swfdetect-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/swfdetect/swfdetect-min.js", "md5": "aa13411de0eca62acad7b492179c80e2", "sha1": "7138b74cbb0ab4a4d043465812937c55691ed5cc", "sha256": "720821a506d2461da9c319d401fa09c3cd2d6b6069504e4920873be5ce886f71", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/swfdetect/swfdetect-min.js", "sha256": "720821a506d2461da9c319d401fa09c3cd2d6b6069504e4920873be5ce886f71", "sha1": "7138b74cbb0ab4a4d043465812937c55691ed5cc", "md5": "aa13411de0eca62acad7b492179c80e2" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/swfdetect/swfdetect.js", "sha256": "720821a506d2461da9c319d401fa09c3cd2d6b6069504e4920873be5ce886f71", "sha1": "7138b74cbb0ab4a4d043465812937c55691ed5cc", "md5": "aa13411de0eca62acad7b492179c80e2" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_it-IT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_it-IT.js", "md5": "0fcebbb3a8a5997d19cd59e9e748c287", "sha1": "03bad653fa559ea2b86cd51425c6e82e10c5e1d3", "sha256": "e84723fe2e1a928cf7fe4e4022f9265c0a9468f6ee261b0aa5c80fe80239fdb2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format.js", "md5": "f0cd1e8bcb909da605f7981d35cd8166", "sha1": "4dedac1c45fb9f7b4daabe92db416206a137fd77", "sha256": "10680c3053fc3b3ff24bf2e1ced8a5eb4a392e1b6617285a3257e1d83a16487e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tabview.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/tabview/tabview.js", "md5": "86a208edbb36a6b75caed1dc5f59852c", "sha1": "51172c970ba44707f15c9bdd0d7cb2eb880d0cf1", "sha256": "f3b68214667be4a25d180fd91c8eec16d5406778a07657550504a48fcf24bc6d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en.js", "md5": "3224b049a8704c9a309144ba0c976636", "sha1": "6029cb16f9becef62beae0bfeab8e6924f13a844", "sha256": "44562d345830ec3cccd708ffbc37a09ff1063d1e4d0962df6fabceada4b06b78", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "frame.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/frame.js", "md5": "c69c1d05ce014c6883b8fb0ec6318aff", "sha1": "7a42dd4b9848b4571eeceb91ceb0ffa037d810de", "sha256": "c58c70c10074f4040221bd4cdd06355e1312efc4b54ee08969bf0c1111a697d4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-MY.js", "md5": "fab89fe7500a01003afb6441f7944b05", "sha1": "63b9f3a5bdbdebb0bc8f6a7259fa1a96121bc829", "sha256": "d5da746f6aa243c20485a715be4b76567416381a189d8e30312b3ef4e6ce1a45", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "swf.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/swf/swf.js", "md5": "fd6ebecf52004e6de8ca687ac3bac3df", "sha1": "2bdb825c32952e578677590f721e286b3cf364e0", "sha256": "7c5bb62b0bfb72106c8fc2dfac1f656fe514736a39de13e4748664b09f13ce4e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/swf/swf-min.js", "sha256": "7c5bb62b0bfb72106c8fc2dfac1f656fe514736a39de13e4748664b09f13ce4e", "sha1": "2bdb825c32952e578677590f721e286b3cf364e0", "md5": "fd6ebecf52004e6de8ca687ac3bac3df" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/swf/swf-min.js", "sha256": "7c5bb62b0bfb72106c8fc2dfac1f656fe514736a39de13e4748664b09f13ce4e", "sha1": "2bdb825c32952e578677590f721e286b3cf364e0", "md5": "fd6ebecf52004e6de8ca687ac3bac3df" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yahoo-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yahoo/yahoo-min.js", "md5": "839e18c2abe9817eb0b63acb4f014aa4", "sha1": "f63225ad08c2769101b7db1604bb84eef07d6747", "sha256": "c642c7ca52f6c1109ae4f95cc996868b27c2aa5d230bb2fae8b73969093eac17", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ro-RO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ro-RO.js", "md5": "5d54eec52a9519e19e0f3804bcd72850", "sha1": "2d4330884c97c14f0ff493f736600467ae3e3066", "sha256": "be3592a4f0259f2e0e61625b9f8363ae9afd060c1ffc99184e0b648c550eceaa", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/spellchecker/editor_plugin_src.js", "md5": "8b752a82741c05573b7591571a73238a", "sha1": "c5eb6ed2dbfe24b0480872d1f79b7399b47c4739", "sha256": "2e51e33ee3fd108ecadd5776fb3e74cd9538bc345d6d007be7e3388b75e2af7f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "console_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/console/lang/console_en.js", "md5": "3b06a24f583170224ced0d0ce8a09d90", "sha1": "768ed402396be8d38e9945231ff27fb027eb4dd6", "sha256": "713eb5a40391c6379465b9209cb5762416e30705e9376141813c80f02128e5fd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-textschema-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-textschema-min.js", "md5": "67f47d2a6bfbfb8d8ab0a4e41320a05a", "sha1": "bd5e14e053cbed5da2cf116a7a6520f466bde5a5", "sha256": "78d5ad931b9dcbc315eb5b221522510402163be99383807cc995bf8c2435edcf", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-textschema-min.js", "sha256": "78d5ad931b9dcbc315eb5b221522510402163be99383807cc995bf8c2435edcf", "sha1": "bd5e14e053cbed5da2cf116a7a6520f466bde5a5", "md5": "67f47d2a6bfbfb8d8ab0a4e41320a05a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-textschema.js", "sha256": "78d5ad931b9dcbc315eb5b221522510402163be99383807cc995bf8c2435edcf", "sha1": "bd5e14e053cbed5da2cf116a7a6520f466bde5a5", "md5": "67f47d2a6bfbfb8d8ab0a4e41320a05a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/insertdatetime/plugin.min.js", "md5": "c65e3d48af19c32bdc45fff669e62048", "sha1": "146c52f4b7d57460be1797471c4ba102b3dd6ada", "sha256": "09c99ac2b89a7a30ca8d4892bfb24d38ebd5425ccae3e9b11ca928194ab8b36a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.ui.touch-punch.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.ui.touch-punch.min.js", "md5": "700b877cd3ade98ce6cd4be349d81a5c", "sha1": "c1c36e6927436231eb20474356b29667c4c648aa", "sha256": "000854d782781aff1b16ea5451c1da3d07efadd35ab911ccb7e4b851571a25bd", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/touchPunch/jquery.ui.touch-punch.min.js", "sha256": "000854d782781aff1b16ea5451c1da3d07efadd35ab911ccb7e4b851571a25bd", "sha1": "c1c36e6927436231eb20474356b29667c4c648aa", "md5": "700b877cd3ade98ce6cd4be349d81a5c" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-delegate-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event-delegate/event-delegate-min.js", "md5": "f68779179954765b5164491f331c1d79", "sha1": "acb930e0ee72f943a83d7b309d9df3a82e101867", "sha256": "26b9b8600679b93ece9f12da2a3addc0168ee3e8885b228b9c4d59d5d5490a18", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_hi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_hi.js", "md5": "9027f708d88e6bf1a1da4e9178f3593a", "sha1": "503bc2fa25bbfd80dc35945cdf57ab21d4cff384", "sha256": "3fa553cfce25550556235885dbef85f1e48a0be4e03acd328af45cdaf23dca46", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-child-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-child-min.js", "md5": "7a2b405326d6ffa9101fb8a891fec230", "sha1": "45f957ba2598435860db25a838bde4aa66db9cd9", "sha256": "e7973a21f66667fb41e56d61d0be600bb302aed47994c8b85c2ec68a869a01f5", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-child.js", "sha256": "e7973a21f66667fb41e56d61d0be600bb302aed47994c8b85c2ec68a869a01f5", "sha1": "45f957ba2598435860db25a838bde4aa66db9cd9", "md5": "7a2b405326d6ffa9101fb8a891fec230" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-child-min.js", "sha256": "e7973a21f66667fb41e56d61d0be600bb302aed47994c8b85c2ec68a869a01f5", "sha1": "45f957ba2598435860db25a838bde4aa66db9cd9", "md5": "7a2b405326d6ffa9101fb8a891fec230" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-ddm-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-ddm-min.js", "md5": "f34d871d842d325309f97cc6fb0b2f28", "sha1": "a4773fa4fbfa2fbb487451a06d20dc5f9865d760", "sha256": "7c64dae9d4c812a7897b0becfc2db38a0f351cde96505fbd4cd3c0a418b72ffd", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-ddm.js", "sha256": "7c64dae9d4c812a7897b0becfc2db38a0f351cde96505fbd4cd3c0a418b72ffd", "sha1": "a4773fa4fbfa2fbb487451a06d20dc5f9865d760", "md5": "f34d871d842d325309f97cc6fb0b2f28" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-ddm-min.js", "sha256": "7c64dae9d4c812a7897b0becfc2db38a0f351cde96505fbd4cd3c0a418b72ffd", "sha1": "a4773fa4fbfa2fbb487451a06d20dc5f9865d760", "md5": "f34d871d842d325309f97cc6fb0b2f28" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "recordset-sort.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-sort.js", "md5": "38519135ab86332ad4aa0ed49927baf1", "sha1": "cecab87305af265bf20b4b7b9aeae85d4d8eef03", "sha256": "c3c2be24034c4d5ac34d62414930faeeca081b3c3995d20f386d535d87f85683", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cookie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cookie/cookie.js", "md5": "5cc670450f369472f8f48db2a9b473ae", "sha1": "88856cc0ad0a84df117409c9ba59149deb1c486b", "sha256": "7877beb3b579f6e7fadc46017b6662694ca3d3c5e8c40d09c49ffe080d876606", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_da.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_da.js", "md5": "9277227348cfe58c213e4e527df7f5bc", "sha1": "6b708ecb426fc3d2204755bdd5b01259466b68a8", "sha256": "e3fae668162ad485bfdc9d0dbe69970b1e4ee8c3dbaf3b99e002c2a5dc93ee38", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-GB.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-GB.js", "md5": "97cffb0aafaf5e5e2cc417c204147532", "sha1": "1f5ae7732d978e6633083acb82889de5c6b0652e", "sha256": "8fddde958a015cc7c25f22559cc993a4f60abd96e3a7df1555b5a765bdb851e3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "scrollview-base-ie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-base-ie.js", "md5": "470edbbd6e793a60b37538153215f449", "sha1": "f7118e727a72a2312d173e99066c58c5c907b983", "sha256": "ade6358256d1d8a68354deb1d97c289ac91156f4fd4170d1b9691a047e007525", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_tr-TR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_tr-TR.js", "md5": "b28273c6347004320adc1c129d864799", "sha1": "c159db2ace7ab7257af5c5dc5aac14f00e653fa9", "sha256": "c80fdea1b9525ec2952aad11fc8aa627d3d2ed71472131d956480910c772d88e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_th-TH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_th-TH.js", "md5": "2e74cea19c197e2126cecf55f8437096", "sha1": "4bd6e958cd114925b9ffb667e3ee26f3c4e653d0", "sha256": "098f66a02a63f7083760a14b5fcd140ade06ecad5a356447038d0c9b2478a70c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en.js", "md5": "713bfadc75fcfea6f858d8664f856e55", "sha1": "bb2bc1f90b5e4503149774cde89df9eea84031cf", "sha256": "e7d4256e4f217d211cd4e9394cdf570cee4768ed33b3278b34a3b8d41f321ab8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_id-ID.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_id-ID.js", "md5": "8abf29019954ad25067790f48b3b68a3", "sha1": "1912234b3e0370e986f7919c455b2e7475d7f6f9", "sha256": "94ea4183de1b353f836068463da5cc7d184b2448e13b17d8131f07d1d88a3b89", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "array-invoke-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/array-invoke-min.js", "md5": "cac6be5169366ddd3feecdf13bd4e5e4", "sha1": "cb487e197efbda9314621cce94c04babce69ca06", "sha256": "2fd22284fb9c9cef77b8579147471ff05cc001bbb124720f8145923f569d7911", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/array-invoke-min.js", "sha256": "2fd22284fb9c9cef77b8579147471ff05cc001bbb124720f8145923f569d7911", "sha1": "cb487e197efbda9314621cce94c04babce69ca06", "md5": "cac6be5169366ddd3feecdf13bd4e5e4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/array-invoke.js", "sha256": "2fd22284fb9c9cef77b8579147471ff05cc001bbb124720f8145923f569d7911", "sha1": "cb487e197efbda9314621cce94c04babce69ca06", "md5": "cac6be5169366ddd3feecdf13bd4e5e4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_da.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_da.js", "md5": "c05cce8c89130f8a100ba770e45d3fe2", "sha1": "a6f07ca6c63a487b6369273a6e7a97f7bb3b27db", "sha256": "c395f53ed74d9bf50030b828bc35b1ed3c1450698945955be866bdc956e3e919", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-gestures.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-gestures/event-gestures.js", "md5": "c2c6a2dec2af904bec05daee5765b321", "sha1": "98db68f25d4edbc78a000b4e2de9e7382018060e", "sha256": "0636eceb41e8121fa34735f15b68203885a697f2c59df9c1d627b30376778e07", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "querystring-parse-simple.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-parse-simple.js", "md5": "88e8d0d0ea7883a1fa12d621784755e0", "sha1": "d0277de87c1ff56512f309596aa3084ae48d355d", "sha256": "71aa7eed1ed57b22301bd10ec114d88ce39f78c6e605a5e16a9b686d16bd16c6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-drag.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-drag.js", "md5": "fb32af90eff8e2c5bd7b2f3639bb0d60", "sha1": "31f08ed83b3df606eac1aa4f30263776bd85acaa", "sha256": "df063f80cb1d1c76a9a8e27ddbb56370e242cd16dee7058f47c1c382ab7283ed", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/advlist/plugin.js", "md5": "625cd6129d9357ad40512d963b13c5cf", "sha1": "c181cdd1ef07c5f1e5cdd9a8e407f13e1c4cd330", "sha256": "15df800ca6f5ee5d87b8ada5323e578ef2d33d50642695e056681ba9cecf62b2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/hr/plugin.min.js", "md5": "5c23255ad2d11db3f72c33b649f1389a", "sha1": "6a305889f4b3e54a46d82c37d1e782bebc78185a", "sha256": "1880a72526a3788c1483b4b3403d5510c501e985cbb4421ccebe1065b5ec2c6d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es.js", "md5": "ad43590093905c0d4204fbc55d74faef", "sha1": "f5197f80cddf199f4b6fbef9c06a186b1bd52248", "sha256": "0e91faf423de299925180ab3eca513691ea2ccbb57f1147e5578a81a83dafd72", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "anim-curve.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-curve.js", "md5": "785aa518fd40b7ff4d8ebf3c560e7039", "sha1": "d0a991806c742d8bf4f9ed25a7ea415570b8bf81", "sha256": "575dff7e0564ff71296e471429fc4e4f3629e9337cceec7f9d6fa5673907541b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-curve-min.js", "sha256": "575dff7e0564ff71296e471429fc4e4f3629e9337cceec7f9d6fa5673907541b", "sha1": "d0a991806c742d8bf4f9ed25a7ea415570b8bf81", "md5": "785aa518fd40b7ff4d8ebf3c560e7039" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-curve-min.js", "sha256": "575dff7e0564ff71296e471429fc4e4f3629e9337cceec7f9d6fa5673907541b", "sha1": "d0a991806c742d8bf4f9ed25a7ea415570b8bf81", "md5": "785aa518fd40b7ff4d8ebf3c560e7039" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "menu.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/menu.js", "md5": "54f623f878f08800ab8645334b5a4e19", "sha1": "8ed42faaf4a20767cfaf831e86cf7ef2ace4604b", "sha256": "da8b2fb8da90cf7820ae0707747856a79d5c27305ce21ab7697391fc21743f07", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "EmailUIShared.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/EmailUIShared.js", "md5": "dd25ff03a2af3d6f51d15892bb4e8e91", "sha1": "7c4492acdc2997cbcb7b14e835e21376579c185f", "sha256": "f9d3d4ed8de907884b4b42ed753264142f92c6b3669d6659e34cb229c04ec313", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_scheduler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Meetings/jsclass_scheduler.js", "md5": "c3d617e8a85aa7ec95a803c2caceda63", "sha1": "524e9287de271806f9cfe7737d7b0a125afe9093", "sha256": "64276b09bcbd9b8f93ac092945beac56996adf0de971ac20f82ea1acd1d336c6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "history-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-base-min.js", "md5": "6eebd06843cc4bfe1059f3f4e64ea718", "sha1": "1aad1ef5c9b73568c16e0e525f3884b40b67501e", "sha256": "c586b1c8f0ba810c281de5cabe2e5ef209d7ecba2523d2799baca098c544e10c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-base-min.js", "sha256": "c586b1c8f0ba810c281de5cabe2e5ef209d7ecba2523d2799baca098c544e10c", "sha1": "1aad1ef5c9b73568c16e0e525f3884b40b67501e", "md5": "6eebd06843cc4bfe1059f3f4e64ea718" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-base.js", "sha256": "c586b1c8f0ba810c281de5cabe2e5ef209d7ecba2523d2799baca098c544e10c", "sha1": "1aad1ef5c9b73568c16e0e525f3884b40b67501e", "md5": "6eebd06843cc4bfe1059f3f4e64ea718" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema-json-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-json-min.js", "md5": "26b2574116e7f6f9e105927bef5fc9b3", "sha1": "793c5aac7c6252c531c2ccd6619709a7c579ee69", "sha256": "4f96a0b0028fd5ba70041082d3e5ea372561963f8bdf5741750c4bbd04fa0150", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-json-min.js", "sha256": "4f96a0b0028fd5ba70041082d3e5ea372561963f8bdf5741750c4bbd04fa0150", "sha1": "793c5aac7c6252c531c2ccd6619709a7c579ee69", "md5": "26b2574116e7f6f9e105927bef5fc9b3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-json.js", "sha256": "4f96a0b0028fd5ba70041082d3e5ea372561963f8bdf5741750c4bbd04fa0150", "sha1": "793c5aac7c6252c531c2ccd6619709a7c579ee69", "md5": "26b2574116e7f6f9e105927bef5fc9b3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "mySugarCharts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarCharts/Jit/js/mySugarCharts.js", "md5": "2f84790497e288fd89ba307560f09c5f", "sha1": "18afe40334844d698c956529a3b29b26ce1ca644", "sha256": "d3c51f619a9ac6c4b19c8b30dc7a412f3de0906f6b3de52c671ce3b3e0cbdb86", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "attribute-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/attribute/attribute-min.js", "md5": "12f13ca2c3ef2def0f743302a15cbf0d", "sha1": "23b3064087ae4cbd3b81afe6389fa7fbba998358", "sha256": "08bb1533645a7018db930e97425fed708479275278ddadc5fef06dac78c1824f", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/attribute/attribute.js", "sha256": "08bb1533645a7018db930e97425fed708479275278ddadc5fef06dac78c1824f", "sha1": "23b3064087ae4cbd3b81afe6389fa7fbba998358", "md5": "12f13ca2c3ef2def0f743302a15cbf0d" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/attribute/attribute-min.js", "sha256": "08bb1533645a7018db930e97425fed708479275278ddadc5fef06dac78c1824f", "sha1": "23b3064087ae4cbd3b81afe6389fa7fbba998358", "md5": "12f13ca2c3ef2def0f743302a15cbf0d" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-JO.js", "md5": "530b75417f321eaa5b0ff0abb57bcae7", "sha1": "81c7253a46f0bc2ad362be7c5a7bb30c9f1a2654", "sha256": "582117ac8586a9521b6f9d31f27e2b994e1b7276530b25500dbdc1561830a398", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "simpleyui.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/simpleyui/simpleyui.js", "md5": "c547075c3ab339d74245780316a77e79", "sha1": "9e6437772a1ccff95725c62ce8e4ec4a7d8a9419", "sha256": "d4597f0cd14d78caaedf32d591166efc15e295a012c2f6670bf8b9250c6a3ea9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "test.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/test/test.js", "md5": "9fa467c8112cf63e88eedb53e7a26641", "sha1": "e75dbaca360d4e5ee68aec3a93c620085c54164a", "sha256": "fb37380f572e27b2abfb579a6198b50169926b3ff03945586367593f8b756aa7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/test/test-min.js", "sha256": "fb37380f572e27b2abfb579a6198b50169926b3ff03945586367593f8b756aa7", "sha1": "e75dbaca360d4e5ee68aec3a93c620085c54164a", "md5": "9fa467c8112cf63e88eedb53e7a26641" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/test/test-min.js", "sha256": "fb37380f572e27b2abfb579a6198b50169926b3ff03945586367593f8b756aa7", "sha1": "e75dbaca360d4e5ee68aec3a93c620085c54164a", "md5": "9fa467c8112cf63e88eedb53e7a26641" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-gestures.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-gestures.js", "md5": "4d404dda35b21528d510655a57d476bb", "sha1": "e197f3e23a1dddc427459600abfe8fb4f9167dbe", "sha256": "9b2e3ebc62a10b735e8776de13b34f6ddcae1482818006cb0635883dc3efac1b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-gestures-min.js", "sha256": "9b2e3ebc62a10b735e8776de13b34f6ddcae1482818006cb0635883dc3efac1b", "sha1": "e197f3e23a1dddc427459600abfe8fb4f9167dbe", "md5": "4d404dda35b21528d510655a57d476bb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-gestures-min.js", "sha256": "9b2e3ebc62a10b735e8776de13b34f6ddcae1482818006cb0635883dc3efac1b", "sha1": "e197f3e23a1dddc427459600abfe8fb4f9167dbe", "md5": "4d404dda35b21528d510655a57d476bb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "quickCreateModal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/DetailView/quickCreateModal.js", "md5": "cb691e71a06d0a84af51cf01e143e1c6", "sha1": "daa04a37d175207f53d9a77c22eab4c5d3be3224", "sha256": "a417fb4a87581fef3e12fe6815b2f6f46db419cf10cd3987576424fc74a39ddf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-AR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-AR.js", "md5": "45d72d142d8683a0d0e0a36028259194", "sha1": "da75a293c123e17ce0badc6dfbe5f70c0fad41ac", "sha256": "0b4de63110a61ee3b29234636d84e0412d36a3347a3f9802783daec009e4632f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarDependentDropdown.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarDependentDropdown/javascript/SugarDependentDropdown.js", "md5": "5ac4fce0d1493f514c531c0dcc7b7ed9", "sha1": "29be1fdc7487eda2f613f23d165bbfe8f90f036d", "sha256": "1536d6a5c421b8f2f12e3301cb8c26ee532b2019423f1d931cfa08d2bc9b524f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Schedulers.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Schedulers/Schedulers.js", "md5": "af375a3556e50914b7a713e0fb8d8f29", "sha1": "611e3c169ef827bc6d3be7fce6aab20e61cd47eb", "sha256": "44e8e05c6b0b79e43d5bd2cbaee7b788841c13988f61291b8d704a06a7a84735", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/jsclass_base.js", "md5": "0e99f15d99c783d457d96e3198c0cb95", "sha1": "f09228fbb6e2d46800d1653c5e4d4632366f393e", "sha256": "3943c2efe7b2bbbc22fd87565d9a8a009b6016d5c19737d1aac32bbf3abe144c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "message-box.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/message-box.js", "md5": "c4e1854f58023512499edd90d0e9172e", "sha1": "4eb184a5176826a592ddc6391fdbf51e1aa73192", "sha256": "7085192f0b85edae530c5f7e7a6761b5eb08ab83cfaf057308e819a222fa983b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_pl-PL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_pl-PL.js", "md5": "5878cfaf25b84a16793161ac0e9ffa44", "sha1": "228d07a53f49f11ee6a7ad1c75d817fa205c14b7", "sha256": "648013148deb0414155f6e1ba3c2b5a327adc8d28c6ee19b6b4cee395503944a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/legacyoutput/plugin.js", "md5": "99299a6310795b34524e34ba1b42b081", "sha1": "c44ad5a74f4fc1f43bc1de0afd7770088d5c9718", "sha256": "9ae7ded9d700d270c84554910166f20f0f7f720b91ec89231a233ca2ddcb4fd2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ins.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/js/ins.js", "md5": "f659a3cf2fca7086e37718beb9dd2ff9", "sha1": "d84df28c8a0d2db960d6cc99f9b313d09dc64128", "sha256": "ce06f28583b3f18472421f64570bdf00ee302ac2d4d9989ad6c00bf3b4089665", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sample.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/sample.js", "md5": "39fc04bb5962625e1a056377a42ddfe8", "sha1": "aacce41e9e373a1bd5121daf0d998d44e5e65ef8", "sha256": "c91991c0078c3bc778b3193149a70918e8098d0d7df5e948e27984546fbeb3aa", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-scroll.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-scroll.js", "md5": "f9258cbf39703655d0299ed413be8c4a", "sha1": "b30c55db237272a2c0d4e160eca5ee8c3dbe3e90", "sha256": "aa1f63becb416a02ccd533ce7b9d1750bd26583bed6b4a89039fb76ccea453d3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "transition-timer.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/transition/transition-timer.js", "md5": "3bd2a6587f476f26d32a52e7d0af9a07", "sha1": "20e4274205ba5f27dc9e62f8037a9c89c366e879", "sha256": "1c18e1f886018dbaba1c7fc1a32908a2d9fd85dadccf5e5f57c6b1c2821245a7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "oop.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/oop/oop.js", "md5": "1f014de559d4f43068dfd1355dea640e", "sha1": "1058bdac08be1b066a26b7ca5e82b5722424ec80", "sha256": "ed8f35ca39d834b528c990a69da6986c955a5368465dcf0130d639af934587cf", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-min.js", "md5": "77200e3a0b3f5f37325552f6a6650d49", "sha1": "7115da1cd64dca321e5208ccaa48f8d903b87989", "sha256": "e0ffefea578746b7b780f268fb82ea5161646a23634cbd3f0b89480bc024a838", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-min.js", "sha256": "e0ffefea578746b7b780f268fb82ea5161646a23634cbd3f0b89480bc024a838", "sha1": "7115da1cd64dca321e5208ccaa48f8d903b87989", "md5": "77200e3a0b3f5f37325552f6a6650d49" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor.js", "sha256": "e0ffefea578746b7b780f268fb82ea5161646a23634cbd3f0b89480bc024a838", "sha1": "7115da1cd64dca321e5208ccaa48f8d903b87989", "md5": "77200e3a0b3f5f37325552f6a6650d49" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.tinymce.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/jquery.tinymce.min.js", "md5": "cc607b8615760e235ea0c3e5df331f38", "sha1": "924098833957133bffa63e592f28b4f52a7b257f", "sha256": "aa5898adf6468ec69c5148a1e905f09796f36dafd8ca836baf3044a00d69b737", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ms.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ms.js", "md5": "a4e438bf7cb550e1d7342aefa1003b17", "sha1": "91ad91710f04576eea0c4a4388d5fa24c86a4d35", "sha256": "dbf12d0a43e618ab57effc077cbcc38e4d8cd2049301254d59e389541a63c3e6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/nonbreaking/plugin.js", "md5": "7ddab7befe4000d52787a08c7c8922c7", "sha1": "ea0755c629465836df73c6542526abc5eb2cd93f", "sha256": "642b6b529d2776f7816489b5ed0ddacdcec5aff4b48334140b47c3c3603ea6ab", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-CA.js", "md5": "40eaaaa3e99bb77d278b045b265b1a0e", "sha1": "10e0e006c4599b1d138cee6e5f2530b83daa6823", "sha256": "b79cd704221497c266e8995e7d4ac1f7dd95162126faa654c26c7ea1a4afd2f3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-simulate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-simulate/event-simulate.js", "md5": "ca3e81e3b015f0b814432268c9f4e259", "sha1": "728eb97eaf0187474476463965e9a86e81ae8c14", "sha256": "82a361bc6cabe45e0076a6b827446207d243f77a59ceb02e7bdba7f3d0e0ca52", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_zh-Hans.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_zh-Hans.js", "md5": "ad8c6353fadfa590c26dc877b8767d80", "sha1": "27a4dfe7f33f1b9b4934d1025a392c1ef4f162a2", "sha256": "c39025d0e195393cfb92163f0b900654cbe8caee053b59a735ea746adce7b8b1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ko.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ko.js", "md5": "7f110769a02932334443cfb79a9a4dfd", "sha1": "a0bf23425b71a45e5f70ffe1243922746c58d05a", "sha256": "4b1229a87c2e4f996a3652bc460eb655e8ceb02e04fd732f29fe4a0e35c002d8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-US.js", "md5": "9bac72881d60a04eaf394f2f3352f981", "sha1": "f7b9d38d9e5b8bea10c79a8f00d90556eec78312", "sha256": "fd8ba168f50a9e9e90de61299ca67372a9a254585be2cfb15da27f6c5df1229b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "createlink-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/createlink-base.js", "md5": "34dba90b52c233a86f3c8da9f508c072", "sha1": "6d40a23013be403940155ca4fa60b176f186eb41", "sha256": "cd8f09fc4c833eb38a5e8ad468ffed90ca9c51b734b61315c3a7aa349ca20831", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/createlink-base-min.js", "sha256": "cd8f09fc4c833eb38a5e8ad468ffed90ca9c51b734b61315c3a7aa349ca20831", "sha1": "6d40a23013be403940155ca4fa60b176f186eb41", "md5": "34dba90b52c233a86f3c8da9f508c072" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/createlink-base-min.js", "sha256": "cd8f09fc4c833eb38a5e8ad468ffed90ca9c51b734b61315c3a7aa349ca20831", "sha1": "6d40a23013be403940155ca4fa60b176f186eb41", "md5": "34dba90b52c233a86f3c8da9f508c072" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom-style.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-style.js", "md5": "ac70b82ef943ba297f297711d5e8c9c6", "sha1": "65a1ff4713aab83a9080b0e28d62ea7338c30845", "sha256": "ecd3f6efeb79350d2f90600b0105c009d532ada629ac1caeb5332681d1b85cb0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-SG.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-SG.js", "md5": "b4c40586c9678ce07bec9152da11fa55", "sha1": "887bd06282787ee54b5cdceab06e9567c8b00395", "sha256": "22e97405906b61e6ecb0bdd8280c97f3d5f86385cac332aee39a1ab2a03c353e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "source_editor.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/js/source_editor.js", "md5": "2a9abbfa6e2ade2906839928c6728d0a", "sha1": "ccd6b305a72d7c39753b1a5c54652246f41ed875", "sha256": "0a46eb28f1b1cd34150718b7c852b2f14faa8bbaedd28f32600b4e1909b29183", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-locale-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-locale-min.js", "md5": "b3843ca7928d10b0b2e69fe89a14cde8", "sha1": "b066cfe2ea717159fcd8e9af9ef4ec636b98daf3", "sha256": "695807d1f3151f8c1d9fdff9ccd9446393cdc0ba8881aa7a4c58851078558342", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-locale-min.js", "sha256": "695807d1f3151f8c1d9fdff9ccd9446393cdc0ba8881aa7a4c58851078558342", "sha1": "b066cfe2ea717159fcd8e9af9ef4ec636b98daf3", "md5": "b3843ca7928d10b0b2e69fe89a14cde8" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-locale.js", "sha256": "695807d1f3151f8c1d9fdff9ccd9446393cdc0ba8881aa7a4c58851078558342", "sha1": "b066cfe2ea717159fcd8e9af9ef4ec636b98daf3", "md5": "b3843ca7928d10b0b2e69fe89a14cde8" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-VE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-VE.js", "md5": "6efb377cc27b501328dadf63269c28cb", "sha1": "60f2d4d65aa1cb4a35c37e9b378b4063d3de44aa", "sha256": "b58f2c2b8f52a8f27249bbb905a5fdb02c76adc52d102713ad0ca70666ff2b7b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-UY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-UY.js", "md5": "9ce50db51ca6d286fdad43bf37279e54", "sha1": "018e579c6da4277e44375daac64962acb970e061", "sha256": "cc9051f6c85a15532314700ce049fe116c031fe49e755171fb6263db63d52240", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yql.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yql/yql.js", "md5": "9d94bc7ae9cf56021a5dc3f454a5b8bb", "sha1": "27f3d947700896b8d6b3a5f5847961394d963053", "sha256": "35278ec7b9ea944f4eaa49c9d3309a45a8c9a11d2e8b9a874af08f705a3cb3ae", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yql/yql-min.js", "sha256": "35278ec7b9ea944f4eaa49c9d3309a45a8c9a11d2e8b9a874af08f705a3cb3ae", "sha1": "27f3d947700896b8d6b3a5f5847961394d963053", "md5": "9d94bc7ae9cf56021a5dc3f454a5b8bb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yql/yql-min.js", "sha256": "35278ec7b9ea944f4eaa49c9d3309a45a8c9a11d2e8b9a874af08f705a3cb3ae", "sha1": "27f3d947700896b8d6b3a5f5847961394d963053", "md5": "9d94bc7ae9cf56021a5dc3f454a5b8bb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-base-min.js", "md5": "a659906c603c5a084a088d21db3b83fb", "sha1": "2b6a4fff35608359fa5be69ced4895ece6904bce", "sha256": "34d77b6efcf04e452904e0145f0e3bb0cd20552b80df9b639eebf58551e36354", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-base-min.js", "sha256": "34d77b6efcf04e452904e0145f0e3bb0cd20552b80df9b639eebf58551e36354", "sha1": "2b6a4fff35608359fa5be69ced4895ece6904bce", "md5": "a659906c603c5a084a088d21db3b83fb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-base.js", "sha256": "34d77b6efcf04e452904e0145f0e3bb0cd20552b80df9b639eebf58551e36354", "sha1": "2b6a4fff35608359fa5be69ced4895ece6904bce", "md5": "a659906c603c5a084a088d21db3b83fb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ja-JP.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ja-JP.js", "md5": "63aee8c6bff1b9b65ea883e9c7742bb6", "sha1": "bc4c1872f07122337939ab64e45a86e661fadb5d", "sha256": "e22315a4875dd58132a913e06e253e57979a71a9b28369a7cb93c65c63bcacc6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/plugin/plugin-min.js", "md5": "8e4c8059a0995c5e95ef70a98187e757", "sha1": "96697ce41059819d76646c85f202e8f819f99890", "sha256": "9f888bde82933505103f6a239b9e7470a1e2c4bf88fb626bf16f91b12c989492", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/plugin/plugin.js", "sha256": "9f888bde82933505103f6a239b9e7470a1e2c4bf88fb626bf16f91b12c989492", "sha1": "96697ce41059819d76646c85f202e8f819f99890", "md5": "8e4c8059a0995c5e95ef70a98187e757" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/plugin/plugin-min.js", "sha256": "9f888bde82933505103f6a239b9e7470a1e2c4bf88fb626bf16f91b12c989492", "sha1": "96697ce41059819d76646c85f202e8f819f99890", "md5": "8e4c8059a0995c5e95ef70a98187e757" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-min.js", "md5": "eb5b664b51d795da4767d9374f41b9cc", "sha1": "0629306f2a06ae7e298510c0cdce91663040411f", "sha256": "84921ae208ee51cb554e7622019c916445c41a6ac5d8e269a0ccf737ff338b1e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom.js", "sha256": "84921ae208ee51cb554e7622019c916445c41a6ac5d8e269a0ccf737ff338b1e", "sha1": "0629306f2a06ae7e298510c0cdce91663040411f", "md5": "eb5b664b51d795da4767d9374f41b9cc" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-min.js", "sha256": "84921ae208ee51cb554e7622019c916445c41a6ac5d8e269a0ccf737ff338b1e", "sha1": "0629306f2a06ae7e298510c0cdce91663040411f", "md5": "eb5b664b51d795da4767d9374f41b9cc" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-htmlparser.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-htmlparser.js", "md5": "4aa0cd54d306cb0c5ab696b481ecb70b", "sha1": "937f6085182df8b8683a125828fb62da8a42d235", "sha256": "7761cc657ba6f4f02a004b5111990e607cd424c5aa1d22319a21fd3f66911893", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/visualchars/plugin.js", "md5": "2a0b4b48e44ca0f85bbe7153603e9aad", "sha1": "16175a51788a6023bc2d99d12c07b5d4bf8908e9", "sha256": "1e6e269530a433e8526abef2d4ed01b508877281fa6cd4d646576a6323f5f91b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/tabfocus/plugin.min.js", "md5": "f197cd93b28210923e3590c4438eb896", "sha1": "3f1d2180e042aa67a2fee2e211de25989b3abb7d", "sha256": "b9038a4e5ee98ad000d14d1f2223cf8212a3c97d6ad26c7ea1c9cfbf1292f20a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_tr-TR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_tr-TR.js", "md5": "62c13009832a4308b600cb35b476c139", "sha1": "6a077a186a9366f245d7e5c2cc3c7db16b8f66c2", "sha256": "eeaf7933a6730735d6e47fabc27bc45779a9e052daf2282aeed1ae67d14eccc2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ms-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ms-MY.js", "md5": "e55e45a14f773cb1dcf47e3f4b0fd39b", "sha1": "01f960a3c1530b1b00f022ed7db8c1b7908aef9d", "sha256": "fc01b6c9cbea5c1557057dfe17559128e193b213bae246e061b51724d7482db1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/datatable/datatable-min.js", "md5": "72bd52c4c20ae376c7a5029ce3382ccc", "sha1": "554d87b20fc4bf2903a50f54fda0f580673f242e", "sha256": "be8b178746773216cca6e8063078af7cfe9959e486414c6e6d40419cd59130be", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-filters-accentfold-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-filters-accentfold-min.js", "md5": "2448eb6df96dce41568ae89771e129b4", "sha1": "8af751fef12c39d2276112df8de1f012124620c6", "sha256": "e3c7f0cac50832fac6081c0832939c5b7c2d0400c8be3ac58ba2950d66f4034b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-filters-accentfold-min.js", "sha256": "e3c7f0cac50832fac6081c0832939c5b7c2d0400c8be3ac58ba2950d66f4034b", "sha1": "8af751fef12c39d2276112df8de1f012124620c6", "md5": "2448eb6df96dce41568ae89771e129b4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-filters-accentfold.js", "sha256": "e3c7f0cac50832fac6081c0832939c5b7c2d0400c8be3ac58ba2950d66f4034b", "sha1": "8af751fef12c39d2276112df8de1f012124620c6", "md5": "2448eb6df96dce41568ae89771e129b4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-uievents-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-uievents-min.js", "md5": "993befcb1f0aed9f3f2f8602196d3baa", "sha1": "3985753fd5a6789b02a0571cc745d1fc849fbbbb", "sha256": "eaf94c18758223c973b7e8f2b66872da3fbb6436ed7e137165f304d04aee1b74", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-uievents-min.js", "sha256": "eaf94c18758223c973b7e8f2b66872da3fbb6436ed7e137165f304d04aee1b74", "sha1": "3985753fd5a6789b02a0571cc745d1fc849fbbbb", "md5": "993befcb1f0aed9f3f2f8602196d3baa" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-uievents.js", "sha256": "eaf94c18758223c973b7e8f2b66872da3fbb6436ed7e137165f304d04aee1b74", "sha1": "3985753fd5a6789b02a0571cc745d1fc849fbbbb", "md5": "993befcb1f0aed9f3f2f8602196d3baa" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-drag.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-drag.js", "md5": "f774912a989caf91019980eb5ed6f8d0", "sha1": "f217fec63e286489b72f65ace2a523bb2e86ac77", "sha256": "9ebb3d437450ffed3de146d125531ab3f318e64e5465ac906183593245a29aa3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-drag-min.js", "sha256": "9ebb3d437450ffed3de146d125531ab3f318e64e5465ac906183593245a29aa3", "sha1": "f217fec63e286489b72f65ace2a523bb2e86ac77", "md5": "f774912a989caf91019980eb5ed6f8d0" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-drag-min.js", "sha256": "9ebb3d437450ffed3de146d125531ab3f318e64e5465ac906183593245a29aa3", "sha1": "f217fec63e286489b72f65ace2a523bb2e86ac77", "md5": "f774912a989caf91019980eb5ed6f8d0" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_zh-Hans-CN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_zh-Hans-CN.js", "md5": "0c3631bc11a4d592aa37d1a7e09d2459", "sha1": "44eec4daafac11f17ff6e00bdb5de7430995c6b3", "sha256": "ccf0d839de989718daf65743d6df5498016d60341e7d78c12aedef13cbb481d7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_th.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_th.js", "md5": "d141c9326c5904db65d3f71665f6983d", "sha1": "30bd3f035160a4a762ffca8d90745ad9cbec1e7f", "sha256": "24a9205401a403e423e938b65568abb23e91bf60f8e739b44f969b0a8118f357", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-resize-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-resize-min.js", "md5": "550682444ad9c89d1d04e555bc11202f", "sha1": "7ec2577e20632977451983ab847e44914dd9b7ce", "sha256": "f2ab707ab74b342a6f6b93237a5def7cb41599de3f5feefcf8abfb9512b7733a", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-resize.js", "sha256": "f2ab707ab74b342a6f6b93237a5def7cb41599de3f5feefcf8abfb9512b7733a", "sha1": "7ec2577e20632977451983ab847e44914dd9b7ce", "md5": "550682444ad9c89d1d04e555bc11202f" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-resize-min.js", "sha256": "f2ab707ab74b342a6f6b93237a5def7cb41599de3f5feefcf8abfb9512b7733a", "sha1": "7ec2577e20632977451983ab847e44914dd9b7ce", "md5": "550682444ad9c89d1d04e555bc11202f" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/example/editor_plugin.js", "md5": "e0a175dca3d5e437657ccd5d548ff409", "sha1": "44d6f7bcd9c0f7e706ee6ddcdf86c2806b204d22", "sha256": "fc74c01a7a8efc08e2d94b5f3490ba6058618cfa9435eaeafd30e0db5bd04a21", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "nl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/nl.js", "md5": "1b858c6bf253913c109ce2a1dd9d1b1b", "sha1": "d354bfa3b40bf13c4b1368eb9779216b665157a0", "sha256": "408b2fa3eba133f9b68bcc950094a195e99bd9806fefda115beb6f3ad2c7009c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "attribute-complex-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/attribute/attribute-complex-min.js", "md5": "2b99c0a44c88e756f5500ce0f19e3205", "sha1": "cc0ff6dad21d7d68b8493861730835f68962f8ab", "sha256": "aca3ce8880dc0aa0cb33d023989e2103b3b6d522287a09556bc9e22b4cc66fad", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/attribute/attribute-complex.js", "sha256": "aca3ce8880dc0aa0cb33d023989e2103b3b6d522287a09556bc9e22b4cc66fad", "sha1": "cc0ff6dad21d7d68b8493861730835f68962f8ab", "md5": "2b99c0a44c88e756f5500ce0f19e3205" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/attribute/attribute-complex-min.js", "sha256": "aca3ce8880dc0aa0cb33d023989e2103b3b6d522287a09556bc9e22b4cc66fad", "sha1": "cc0ff6dad21d7d68b8493861730835f68962f8ab", "md5": "2b99c0a44c88e756f5500ce0f19e3205" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ro.js", "md5": "cd0cc7b8de7dfee4dc8da5e2c7c8959e", "sha1": "8924f5296b471db4e97494d58166620c241668c6", "sha256": "0561ea96d5fc7b19e377c9a1d648733168e9bd818d9958c20ebe0f43f6ce2f23", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "fr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/fr.js", "md5": "54a200e68240962253ebbc1116f399e4", "sha1": "a0980d74ecab6b884c76d36d73cab30f5e8e83ef", "sha256": "8f49b043dfae4f39cc0702938cd9fe27b7b1dfe84ddc514d10930268c294cb9f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "range-slider.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/range-slider.js", "md5": "f769dec8c94d618ed7c1cf88e3c34f36", "sha1": "94eec396c980e43cfd91eac862aaf77c38e04056", "sha256": "49de8f6e16d1897589e9ea84aaa4e5ddb7fee892b4bb1770320ff09f767ae740", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/range-slider-min.js", "sha256": "49de8f6e16d1897589e9ea84aaa4e5ddb7fee892b4bb1770320ff09f767ae740", "sha1": "94eec396c980e43cfd91eac862aaf77c38e04056", "md5": "f769dec8c94d618ed7c1cf88e3c34f36" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/range-slider-min.js", "sha256": "49de8f6e16d1897589e9ea84aaa4e5ddb7fee892b4bb1770320ff09f767ae740", "sha1": "94eec396c980e43cfd91eac862aaf77c38e04056", "md5": "f769dec8c94d618ed7c1cf88e3c34f36" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "zh-cn.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/zh-cn.js", "md5": "e40e9b5a1733645e98908dd025bb713c", "sha1": "f76f5a81a48854a5a1ef597c44d33409bc0913ab", "sha256": "5d91bac5d026ad2b077d30151aa8ac7dc9f3de012566d1128ce68c2fe3f2f4bd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "transition.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/transition/transition.js", "md5": "07924491be0c6fa4e3c2ba04895ba745", "sha1": "1519bcdb58201b65087aaff758daa4e2b29897e0", "sha256": "d0721866ebec38400a3ca7dd67a08bd21c3a0631b296fc4f62006567ad4ca260", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_el-GR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_el-GR.js", "md5": "72a104303d8039ac4c3f82d21407cabb", "sha1": "df99ad4c7a3ab2da73c16d1b2a1f95b7711205af", "sha256": "0fe0e499ccd94a5a2d25f82ca26ce3b54420b801c31886c0f540bca054950c56", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-sort-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-sort-min.js", "md5": "7367c32378870fb0ab84ceeee9865214", "sha1": "10e5319e91eef41efd449a4552fd2db6824baf73", "sha256": "cde8ec8882fa676b76020a174be0fedc5f482409d0bb12ebfea82f3c481110b8", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-sort-min.js", "sha256": "cde8ec8882fa676b76020a174be0fedc5f482409d0bb12ebfea82f3c481110b8", "sha1": "10e5319e91eef41efd449a4552fd2db6824baf73", "md5": "7367c32378870fb0ab84ceeee9865214" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-sort.js", "sha256": "cde8ec8882fa676b76020a174be0fedc5f482409d0bb12ebfea82f3c481110b8", "sha1": "10e5319e91eef41efd449a4552fd2db6824baf73", "md5": "7367c32378870fb0ab84ceeee9865214" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hant-TW.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hant-TW.js", "md5": "5bcc86098502bf7fdb78c28f8f0c9f70", "sha1": "ba510cd43969d70e8652907964039f110d111fe8", "sha256": "df8ec6524c8cbf45973299e7861dbe6f79324ed7cef7b8a0ca4ee763c6698f18", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-deprecated.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-deprecated.js", "md5": "cd2be43e9de7c39b12115c847ac73293", "sha1": "9a9ac782ae2a871525b9a57290f20c30f09f9110", "sha256": "1915fd94c8e70b8a9b865e0eb13eab9a6621fc4caf0f41c1e80776b95fe34e56", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-deprecated-min.js", "sha256": "1915fd94c8e70b8a9b865e0eb13eab9a6621fc4caf0f41c1e80776b95fe34e56", "sha1": "9a9ac782ae2a871525b9a57290f20c30f09f9110", "md5": "cd2be43e9de7c39b12115c847ac73293" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-deprecated-min.js", "sha256": "1915fd94c8e70b8a9b865e0eb13eab9a6621fc4caf0f41c1e80776b95fe34e56", "sha1": "9a9ac782ae2a871525b9a57290f20c30f09f9110", "md5": "cd2be43e9de7c39b12115c847ac73293" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-custom-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-custom/event-custom-base.js", "md5": "fc30b775e1255a7777bffe30d781446a", "sha1": "03a95334570c6935911fd963a5bbac69131347c0", "sha256": "2413af95d905bff682d8c2f446baed00ce89c27b3d6f7f6409679fbb6d116253", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/lang/autocomplete_en.js", "md5": "7d3eb3a717f38f0c3d6bb7a50e577e84", "sha1": "5eb14dd6ceaa41c937062e8f933200ae3e27a557", "sha256": "ffae9c71a7578b64ff68abdea18f46645247d8306460ecf159b4fea276bfb0e7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_scheduler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Meetings/jsclass_scheduler.js", "md5": "9e35cfe0b8f4e7883b086995bb7be550", "sha1": "3de3cd8e77229ccafc3b6c62ac62ccee2523d244", "sha256": "964a608cd33718125ebafbf3f703692d6f4f7284972792073dcb91f543928a19", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ca.js", "md5": "67aa2edafdbdcf84b502e51bd4a0c1bc", "sha1": "8f9f1cb886850e8fcceabc1f22b650cc8c8bc59e", "sha256": "a77b54f3e4a1148b38a2922bad6251f1f5322466202dbae2d77f6da4ca543ccc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "uploader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/uploader/uploader.js", "md5": "99a4a3405bea10740a53b2920a98ba90", "sha1": "2ad01c74fec77934ec32216b4bfc84dafe36c0ba", "sha256": "5a513e7cb98561cb1f9b46922c0c08d0a2df51e03b9f5259f6567f42c8413914", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/uploader/uploader-min.js", "sha256": "5a513e7cb98561cb1f9b46922c0c08d0a2df51e03b9f5259f6567f42c8413914", "sha1": "2ad01c74fec77934ec32216b4bfc84dafe36c0ba", "md5": "99a4a3405bea10740a53b2920a98ba90" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/uploader/uploader-min.js", "sha256": "5a513e7cb98561cb1f9b46922c0c08d0a2df51e03b9f5259f6567f42c8413914", "sha1": "2ad01c74fec77934ec32216b4bfc84dafe36c0ba", "md5": "99a4a3405bea10740a53b2920a98ba90" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-min.js", "md5": "23b021c332464234fa798a4a8573102c", "sha1": "77b08c12299611cc0884f4bfaea1b0ecac283a5f", "sha256": "28064e4aca7770e626b68dd2e1f83b8980d62528100af78b93dd289d4c883049", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-min.js", "sha256": "28064e4aca7770e626b68dd2e1f83b8980d62528100af78b93dd289d4c883049", "sha1": "77b08c12299611cc0884f4bfaea1b0ecac283a5f", "md5": "23b021c332464234fa798a4a8573102c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable.js", "sha256": "28064e4aca7770e626b68dd2e1f83b8980d62528100af78b93dd289d4c883049", "sha1": "77b08c12299611cc0884f4bfaea1b0ecac283a5f", "md5": "23b021c332464234fa798a4a8573102c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery-ui.custom.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lib/jquery-ui.custom.min.js", "md5": "8591e924ab11c7632cc3cb9a7a8e5e77", "sha1": "f9a3d0cb9ba200fb423e33930f5441751ea39721", "sha256": "abf84282ef02b74e39fec3ddae02eb986f69284480f86c68b4865296352fcf39", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "mySugarCharts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarCharts/Jit/js/mySugarCharts.js", "md5": "19198b2ef5f12b1679ac5dba8bc5b4c0", "sha1": "015d19203345bc3dae501140cc3f6cd99c685e30", "sha256": "c2da82ee41d154b409d3b41ddfe7f7b534259bfc48cb8e682f7a17d59c5d59b4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "treeutil.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/treeutil.js", "md5": "f241b077e2e8a0399c0d617e684b668f", "sha1": "5afcd2c00d118689bcab002429dee249f8bd861f", "sha256": "3b9b625564239f6758a7991059e1fc5c35172337274000a631abb2d58af66bc2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tour.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Home/tour.js", "md5": "ae8063dd125df46333b02286cf97bfc5", "sha1": "c026023326ea0fbd7775f2bb3aa19f304a251dae", "sha256": "d332aaee555c0408e9db63a0682b32a463526bcfca64552b154bd176dbf54b83", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_fi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_fi.js", "md5": "1072aa8a01439c6fa7a259d3b40c419c", "sha1": "aa8b44d667249e41f500ec13b3e1a4a35085e022", "sha256": "855ef2c557ce1bc51d519949f11dfecb59f1c9a7df76a4050619ddc08acfac8a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-css3-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector-css3-min.js", "md5": "89088a4e2e04305a15d33298ff429cd7", "sha1": "0a4b41ae79695a53de9761366ad90fc3ce8e279f", "sha256": "cb1da53f7524f2c0566373352606b9b36b1e10276f67e92fbf6a33806f494831", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector-css3-min.js", "sha256": "cb1da53f7524f2c0566373352606b9b36b1e10276f67e92fbf6a33806f494831", "sha1": "0a4b41ae79695a53de9761366ad90fc3ce8e279f", "md5": "89088a4e2e04305a15d33298ff429cd7" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector-css3.js", "sha256": "cb1da53f7524f2c0566373352606b9b36b1e10276f67e92fbf6a33806f494831", "sha1": "0a4b41ae79695a53de9761366ad90fc3ce8e279f", "md5": "89088a4e2e04305a15d33298ff429cd7" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "TreeView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/TreeView.js", "md5": "3ddc27c3f35d55471a451f9f4dad0394", "sha1": "925b9484c09d75457d3183dadda277b2a8021f39", "sha256": "f98748b4f2b2567fd73da7f03d80249aa148a5381be53e1919a0311722dcf420", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "0.12.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@0.12.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@0.12.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2010-4710", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2010-4710/", "name": "info" }, { "source": "MISC", "url": "http://yuilibrary.com/projects/yui2/ticket/2529228", "name": "http://yuilibrary.com/projects/yui2/ticket/2529228" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/projects/yui2/ticket/2529231", "name": "http://yuilibrary.com/projects/yui2/ticket/2529231" }, { "source": "MISC", "url": "http://yuilibrary.com/forum/viewtopic.php?p=12923", "name": "http://yuilibrary.com/forum/viewtopic.php?p=12923" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65180", "name": "yui-additem-xss(65180)" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.8.2" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_id.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_id.js", "md5": "6bc443399016824085e44c804b1b42f2", "sha1": "8b14d293dffa85fcaa7ddc73946cdfa54d9e0a62", "sha256": "a5f1d28ac172ee8d6503569b54b3add8223b8a248f03f325dc23168d67d83710", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_de.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_de.js", "md5": "1668150ac39f94d16ebe71eb1457c54d", "sha1": "7f94fea12ba20fd0dddaef77f3d90092c90f672f", "sha256": "2c822b4032ab74d7654957e59b8e72ba167dc4f50bcb6a7ffe7e0394233f52e2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-GB.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-GB.js", "md5": "fb93c90f2fd7a692a14402b1977ef4a3", "sha1": "e2f1ee7dd98fbb3750991662a3b6187ca6d5c30f", "sha256": "eaaeba36bebb147a7576dcb25af503edd9107441ec8234367536057037a0f3a5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_de-AT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_de-AT.js", "md5": "200957c7eedc8a04d00e41614a0dfa9c", "sha1": "39b182747fc05631399a3bee0d81049a2e04e837", "sha256": "3e49f2fc76e1549f9e280ce171247eefc7c4972f8416c8aae815e920cdf47635", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ar.js", "md5": "02cb0bc4bb56299a89eab94b88b0119c", "sha1": "c6f860c099f6c993afb4e24eead35dd63e9fce67", "sha256": "ece60107e3aaa45ecf3f18bb3f5e86b15b7372c7243b0ecb563d5ed222558a0e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-event-delegate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-event-delegate.js", "md5": "4623a79a5bdd8740abb2f7165dc818ed", "sha1": "65737944d37cffb603a1f7c655497d78a6a82397", "sha256": "b9ad36f5f02412d87d4d87d5c14ecb031c8695d79dba9333d40056e7b0403d5e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-event-delegate-min.js", "sha256": "b9ad36f5f02412d87d4d87d5c14ecb031c8695d79dba9333d40056e7b0403d5e", "sha1": "65737944d37cffb603a1f7c655497d78a6a82397", "md5": "4623a79a5bdd8740abb2f7165dc818ed" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-event-delegate-min.js", "sha256": "b9ad36f5f02412d87d4d87d5c14ecb031c8695d79dba9333d40056e7b0403d5e", "sha1": "65737944d37cffb603a1f7c655497d78a6a82397", "md5": "4623a79a5bdd8740abb2f7165dc818ed" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_pt-BR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_pt-BR.js", "md5": "5de0a0a07be21ad63fac59f8ac135058", "sha1": "b1141d93108f1801b3bb0052865ac308bd654840", "sha256": "344aa4fb5174f97588b87f94112592bdb29a51125b171bddd544f3952c220192", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "selector.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/selector/selector.js", "md5": "ba7cbe161dee03741da1a0e6d7cafcc2", "sha1": "0ec9b34ada7810c1bc13a8a3e64ed3a43813a59a", "sha256": "0848a5f2da520c0f0024115224fbdfb0b513c5bb114f791b25d3c3b038a4b8e8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "alerts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/alerts.js", "md5": "122d98a489c2ff275559f2f6b1013a95", "sha1": "d527da7beac282e57e8e62d4eb7655a84f090df9", "sha256": "83c62444c988664c2117022f19bd575997bafa805fa2693fafc9d385af3dca4e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.common.core.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.core.js", "md5": "16780f3363b08543e27c1615fc91f23f", "sha1": "6104c1cfd6cf1a472090bc06b8c2acdb9c8261f0", "sha256": "18f5d1bdd56a8741a6764c32fae2c2e7da438428e7b66ab3970b541be8471686", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-stack-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-stack-min.js", "md5": "00ca05aa57fdac980f4a4e58c1b7cb48", "sha1": "f425ef9c84d25dae61c7a0e0a95614c15156732c", "sha256": "c589fcdcc647c93ed1facdb91a7a6bea7fcaa98899fd8e3e3603c24fde29ae1c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-stack.js", "sha256": "c589fcdcc647c93ed1facdb91a7a6bea7fcaa98899fd8e3e3603c24fde29ae1c", "sha1": "f425ef9c84d25dae61c7a0e0a95614c15156732c", "md5": "00ca05aa57fdac980f4a4e58c1b7cb48" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-stack-min.js", "sha256": "c589fcdcc647c93ed1facdb91a7a6bea7fcaa98899fd8e3e3603c24fde29ae1c", "sha1": "f425ef9c84d25dae61c7a0e0a95614c15156732c", "md5": "00ca05aa57fdac980f4a4e58c1b7cb48" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-min.js", "md5": "646afcd712e522ead314175d4e90074c", "sha1": "b7bf7d696259587a29e64aad218925ddb085d179", "sha256": "58fee82b6928cb9a723e1f6db39063295ac2a6935a5144578bd02ca380fee632", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget.js", "sha256": "58fee82b6928cb9a723e1f6db39063295ac2a6935a5144578bd02ca380fee632", "sha1": "b7bf7d696259587a29e64aad218925ddb085d179", "md5": "646afcd712e522ead314175d4e90074c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-min.js", "sha256": "58fee82b6928cb9a723e1f6db39063295ac2a6935a5144578bd02ca380fee632", "sha1": "b7bf7d696259587a29e64aad218925ddb085d179", "md5": "646afcd712e522ead314175d4e90074c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-xy.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-xy.js", "md5": "31bf621d3c06ba1a9e19675bdad8bce8", "sha1": "5d666f0c5f46c89d7def198570a7692a174f0505", "sha256": "a91e35f3cd5f661f551cadec646434259f229d9a508696193731f1da812feaeb", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-xy-min.js", "sha256": "a91e35f3cd5f661f551cadec646434259f229d9a508696193731f1da812feaeb", "sha1": "5d666f0c5f46c89d7def198570a7692a174f0505", "md5": "31bf621d3c06ba1a9e19675bdad8bce8" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-xy-min.js", "sha256": "a91e35f3cd5f661f551cadec646434259f229d9a508696193731f1da812feaeb", "sha1": "5d666f0c5f46c89d7def198570a7692a174f0505", "md5": "31bf621d3c06ba1a9e19675bdad8bce8" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "features-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/features-min.js", "md5": "5b237066ddb6bc0b45cfd1d9e6bff81e", "sha1": "8981bd2e8b850eeb9500a156f4ca4a49952a04b1", "sha256": "f484d00bb5523fac45631c6e9e0c07e77ca8c92face62b9405df02cbc43746b8", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/features.js", "sha256": "f484d00bb5523fac45631c6e9e0c07e77ca8c92face62b9405df02cbc43746b8", "sha1": "8981bd2e8b850eeb9500a156f4ca4a49952a04b1", "md5": "5b237066ddb6bc0b45cfd1d9e6bff81e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/features-min.js", "sha256": "f484d00bb5523fac45631c6e9e0c07e77ca8c92face62b9405df02cbc43746b8", "sha1": "8981bd2e8b850eeb9500a156f4ca4a49952a04b1", "md5": "5b237066ddb6bc0b45cfd1d9e6bff81e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cache-offline-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache-offline-min.js", "md5": "16bd241fafab343271a95fdf3a7d62df", "sha1": "0bb991149ef3387a4e08fd924389ec29e07b9ce0", "sha256": "005db04f87296283529b27b32ed504e4be6eed28ca9584dc7ada3d850169c29c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache-offline.js", "sha256": "005db04f87296283529b27b32ed504e4be6eed28ca9584dc7ada3d850169c29c", "sha1": "0bb991149ef3387a4e08fd924389ec29e07b9ce0", "md5": "16bd241fafab343271a95fdf3a7d62df" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache-offline-min.js", "sha256": "005db04f87296283529b27b32ed504e4be6eed28ca9584dc7ada3d850169c29c", "sha1": "0bb991149ef3387a4e08fd924389ec29e07b9ce0", "md5": "16bd241fafab343271a95fdf3a7d62df" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-io.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-io.js", "md5": "673bb160c000fc44ed5d74c2c68c4ec9", "sha1": "4ff72f8306d67ed290b155ff63a7c98f5a3d77ca", "sha256": "0d975163bb2e9f28a8fab44cfa469110268e3fe625a0a45846d0c46fb395fee3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-io-min.js", "sha256": "0d975163bb2e9f28a8fab44cfa469110268e3fe625a0a45846d0c46fb395fee3", "sha1": "4ff72f8306d67ed290b155ff63a7c98f5a3d77ca", "md5": "673bb160c000fc44ed5d74c2c68c4ec9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-io-min.js", "sha256": "0d975163bb2e9f28a8fab44cfa469110268e3fe625a0a45846d0c46fb395fee3", "sha1": "4ff72f8306d67ed290b155ff63a7c98f5a3d77ca", "md5": "673bb160c000fc44ed5d74c2c68c4ec9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/editor_plugin.js", "md5": "c9f91af5f1b8a1ba7a1e4ccf53fc7790", "sha1": "6ecd3096677a83c54473fbc551c118691cb93ff2", "sha256": "d97af2e103bd8000792c5f00787a12cbc1c214c995bae29158c7529e35dbcd50", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "DeleteEmailAction.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/DeleteEmailAction.js", "md5": "f55735d833d2a77bea56b63e97d5d610", "sha1": "c722eff4af9d62674e41e7fd760792817715d51a", "sha256": "22b50eea21d2673df1b2e76aa4a38c23971a16c2d836a65e888362264ef1555c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-base-min.js", "md5": "8a0901d4b2cddbead0e4ba71cf8b4fa9", "sha1": "f7913f54c091647e5ca88bcad497e12b3db7aea0", "sha256": "cad39237bafcce488e59fc836b1dca8d6313d059684107ca472a225ec7d62458", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-base.js", "sha256": "cad39237bafcce488e59fc836b1dca8d6313d059684107ca472a225ec7d62458", "sha1": "f7913f54c091647e5ca88bcad497e12b3db7aea0", "md5": "8a0901d4b2cddbead0e4ba71cf8b4fa9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-base-min.js", "sha256": "cad39237bafcce488e59fc836b1dca8d6313d059684107ca472a225ec7d62458", "sha1": "f7913f54c091647e5ca88bcad497e12b3db7aea0", "md5": "8a0901d4b2cddbead0e4ba71cf8b4fa9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "json.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/json/json.js", "md5": "9c90a2fa80e032806180eeb0428349c4", "sha1": "c01bed21e44c7e227c845bac897078b19fb04902", "sha256": "377ade66c052b7c73f138668cb0ad3b09b9ff0ca1dfb40c3a4a2b594121e687d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/pagebreak/editor_plugin_src.js", "md5": "cbf8613d428981a4e4cee9bb9f86d53f", "sha1": "04d6fe4e3364339686da5af19adf1046c345ed19", "sha256": "26768e1519461f9fd5e19203e3f1e77603c91be4de703f6ea0a91ae8a2638213", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "history-hash-ie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-hash-ie.js", "md5": "3bd7e5ced58e6aa6715198da3d323ee6", "sha1": "5d1c0f16bb9b580349aeaf31223732b9b99c0553", "sha256": "73a37bbe3f8140e9c19a121d310863153b261acc8c9d7d3c8863160cb9d9ffe9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "align-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/align-plugin.js", "md5": "ab87f30aa1cb6a0a72a3720f658174d3", "sha1": "0a7aadf840e2143143bef4a56d18d242e0eea2d4", "sha256": "9cf40eda7c51c2f21bda10ef3c9f8fbcd0ac9ab8ee01ad2ce07266aeef47e5fc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_tr-TR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_tr-TR.js", "md5": "0d2ceec2a039888765b355fb84f030e5", "sha1": "1a69679acad0a0a7e45ae31dee201da57a013f65", "sha256": "c411b14d11d0928282235d3f7d61dce1c452faed08dac28624b4fe1612394fd7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ar.js", "md5": "8b61c5968545f3a5b3ff412fdceb124c", "sha1": "0a7ad78b6453bcdb1bfa14f820ef5c2f55108205", "sha256": "8d00b0b986955a56c903c3d5b1b91e8fb12d35d1dcbcd1ff24b4ea4bbdd75036", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ja-JP.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ja-JP.js", "md5": "a55e4fa5b9f8fd36f5afa67785527aa5", "sha1": "c8be38de8afb3abb6f67429b4b57642d2496605b", "sha256": "4207a60aa3e960cc5c4416cadd3dcbbffa78fa11e6355d82429024d56e8f43eb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-move-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-gestures/event-move-min.js", "md5": "8ee9714794c20f5955a160baa1c1a69e", "sha1": "bc7aadb1dce706c2cd55d52c7a977c47a6106fb3", "sha256": "bccb316711a4fb4e242704db587ca076ad40dfb149d95ca0d8ca819fb769c7eb", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-gestures/event-move-min.js", "sha256": "bccb316711a4fb4e242704db587ca076ad40dfb149d95ca0d8ca819fb769c7eb", "sha1": "bc7aadb1dce706c2cd55d52c7a977c47a6106fb3", "md5": "8ee9714794c20f5955a160baa1c1a69e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-gestures/event-move.js", "sha256": "bccb316711a4fb4e242704db587ca076ad40dfb149d95ca0d8ca819fb769c7eb", "sha1": "bc7aadb1dce706c2cd55d52c7a977c47a6106fb3", "md5": "8ee9714794c20f5955a160baa1c1a69e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-screen-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-screen-min.js", "md5": "a8409ddf603896c5b8f0c6ade48ee51b", "sha1": "42f370db4f9518c8cdbc2295987e45e4ce212d78", "sha256": "9d1c584ea7c21370e4aad33dbea1fc3e6a5350a6252b3a987df7a3545eb6b747", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-screen-min.js", "sha256": "9d1c584ea7c21370e4aad33dbea1fc3e6a5350a6252b3a987df7a3545eb6b747", "sha1": "42f370db4f9518c8cdbc2295987e45e4ce212d78", "md5": "a8409ddf603896c5b8f0c6ade48ee51b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-screen.js", "sha256": "9d1c584ea7c21370e4aad33dbea1fc3e6a5350a6252b3a987df7a3545eb6b747", "sha1": "42f370db4f9518c8cdbc2295987e45e4ce212d78", "md5": "a8409ddf603896c5b8f0c6ade48ee51b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ConfigForm.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/HTMLPurifier/standalone/HTMLPurifier/Printer/ConfigForm.js", "md5": "ee5990d6bb62017463a7a8d72c8288b5", "sha1": "fea8a3b01a8ca8c6e650eb27f98274c5dbaa9db9", "sha256": "aef2d12317af2e659e9c782c04f71ae23b17fecb2516b3605af5d2f81cedc003", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Printer/ConfigForm.js", "sha256": "aef2d12317af2e659e9c782c04f71ae23b17fecb2516b3605af5d2f81cedc003", "sha1": "fea8a3b01a8ca8c6e650eb27f98274c5dbaa9db9", "md5": "ee5990d6bb62017463a7a8d72c8288b5" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-UY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-UY.js", "md5": "42a5c48a186e907bc87b8804b961d0d0", "sha1": "1abd12c2b065ebc181eb1ba4dae70d34cbb55253", "sha256": "35e43340507c21ec58c813e73f8be4d2b9bdb492bcbe725411400eb315958945", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-key.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-key.js", "md5": "354c77643752dc6eb78688c2df5be77c", "sha1": "84eab926f53ae6fd891edb689e42c9fd91f5cdfc", "sha256": "647a28e882170da6ddddb45c56fa58ca2809db30415a0112e06c90f3e001fc66", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-VE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-VE.js", "md5": "f36cc7d1c8f0c1a92580fdffdbef6c37", "sha1": "fefc452d56f30b22863489348914dead64c9afba", "sha256": "60445a058f814824d72d98772d89510e25c92a20b87a5e8171e7ce12081c9cb9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "imagesloaded.pkgd.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/imagesloaded.pkgd.js", "md5": "eff51c9330e4cc76361f95d230484ce7", "sha1": "eb61466b490fa153b47847e60f3cc9bc91046434", "sha256": "789db81fadd93867dc899069a7fe1a6d41037672b501298935a10d3aea0852a5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-menunav.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node-menunav/node-menunav.js", "md5": "46d001d1391e0140a8a7b085c63b3dd6", "sha1": "47f2c0820c5688960c73e828ef0c577d2987b588", "sha256": "a0ff737bf59796a07cd3bd81a1f571a25ca0767aeff438a1dcd873a6d3a33608", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ms-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ms-MY.js", "md5": "a850186b904ef8d36c08bce04490f1ad", "sha1": "56178aa69a0b3443d3871dbd3f4a3b33f9aedff1", "sha256": "88372659a9958df3e13f545dab339b9a06318ec917dc4ea736966e2805c69ca8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tabview-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/tabview/tabview-base.js", "md5": "4e31a6b91b90619ba3a7679483ee7a0c", "sha1": "6fe7406e6754bf94e4a3ba2713141c7fbc191caf", "sha256": "651766e3b1f8d269bf220b590cddf424972e73894357965c982de3a9609368c4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-min.js", "md5": "ca5b768a19401dda5ca10547df939bf3", "sha1": "7a08cbe0859a05d7260910c894c89cee4b3cac3f", "sha256": "66bae7b2490cf67dcfa55d20acec0dcacd2f0bb486ee2d67331e1bdad9aa73ba", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history.js", "sha256": "66bae7b2490cf67dcfa55d20acec0dcacd2f0bb486ee2d67331e1bdad9aa73ba", "sha1": "7a08cbe0859a05d7260910c894c89cee4b3cac3f", "md5": "ca5b768a19401dda5ca10547df939bf3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-min.js", "sha256": "66bae7b2490cf67dcfa55d20acec0dcacd2f0bb486ee2d67331e1bdad9aa73ba", "sha1": "7a08cbe0859a05d7260910c894c89cee4b3cac3f", "md5": "ca5b768a19401dda5ca10547df939bf3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-child.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-child.js", "md5": "0e217343ad0a47946425c5698dc81aaf", "sha1": "ec6d6952147b0a7e3a46f97dbe99b4f212123b50", "sha256": "02587e77b9e244ff3f5f149c91c8be6f27e8cf8b22ffdc29edc85720f89057d0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "iscroll.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/iscroll.js", "md5": "f6b1477d2416ee1c40578d56c89220c1", "sha1": "3aed9ce82238e8cbe1acc243a51dc68927d02385", "sha256": "296ac70512819b75d98c43ceabbf9ce8cf660cdf479e0c82ddacd663fbbe36bd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-focusmanager.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node-focusmanager/node-focusmanager.js", "md5": "772fe30d5159da154bc70f66e52688a3", "sha1": "b9a3e0fc389fbd626fa7508687acb26ba5fd0cc3", "sha256": "d110c1438b83c539cc5f044ea7c1dc8d1eb0f1860e6c1fd70ce58351b44e01cc", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node-focusmanager/node-focusmanager-min.js", "sha256": "d110c1438b83c539cc5f044ea7c1dc8d1eb0f1860e6c1fd70ce58351b44e01cc", "sha1": "b9a3e0fc389fbd626fa7508687acb26ba5fd0cc3", "md5": "772fe30d5159da154bc70f66e52688a3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node-focusmanager/node-focusmanager-min.js", "sha256": "d110c1438b83c539cc5f044ea7c1dc8d1eb0f1860e6c1fd70ce58351b44e01cc", "sha1": "b9a3e0fc389fbd626fa7508687acb26ba5fd0cc3", "md5": "772fe30d5159da154bc70f66e52688a3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "resize.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize.js", "md5": "1aea530b19606193f0c261b3675a9c41", "sha1": "5008f7bf12cef544b0478fa6c62da06a35536fb7", "sha256": "596d6b7c5326ccdbcd016b00e8a4c16a645045957b185f8d9c9325bc0b28022d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "AOR_Report_Before.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Reports/AOR_Report_Before.js", "md5": "ab5397e1ca56871cb28514092029fd90", "sha1": "a1ab1edace3bcf4cda7332a9ba5714110e8f7985", "sha256": "8caa0399e186ff8f8ada5393c79cc577b2c0915e6bc16c9482c4b2a3890f05c3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-sources-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-sources-min.js", "md5": "6e058efba9307ac27628b4d276c21641", "sha1": "a70120577b61a30ad7d198ac7ea764955806b220", "sha256": "86b8e6176e39d07c47407bc9739f203313dcb1d77d98ef12ea0cc6dea0c65dbb", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-sources.js", "sha256": "86b8e6176e39d07c47407bc9739f203313dcb1d77d98ef12ea0cc6dea0c65dbb", "sha1": "a70120577b61a30ad7d198ac7ea764955806b220", "md5": "6e058efba9307ac27628b4d276c21641" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-sources-min.js", "sha256": "86b8e6176e39d07c47407bc9739f203313dcb1d77d98ef12ea0cc6dea0c65dbb", "sha1": "a70120577b61a30ad7d198ac7ea764955806b220", "md5": "6e058efba9307ac27628b4d276c21641" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/pagebreak/plugin.min.js", "md5": "8e2010a2fbc9bcc42d9c7572d38c56a8", "sha1": "1cc875105f1350830f357214f696c591627da09a", "sha256": "a7c511e824697e03626379b746bb73d529404aeea45339855f0ff7a4f5037a58", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-parent.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-parent.js", "md5": "c36ba51326a206d75578d84a6c6dc090", "sha1": "33c4ac4b08fa898bc6a5701d02e4d2bf971c86bf", "sha256": "11388966fd058106ef570067c0e6d723302e6d1d6d6e25bd9bdcf32f3d8c1b1c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "EditView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Currencies/EditView.js", "md5": "5b704636d1417a0db2e657df4bad6d7c", "sha1": "daec7ce766104912a980f98450058b4cb9840769", "sha256": "66fe9dccb7dc96e94fd4443a5586f98aa0701b6bce61856fee55305186aea3c1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "slider-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/slider-min.js", "md5": "c837e59fe02b33eaecf9b3820d3e2df5", "sha1": "2952bef193d56b47f7e6c64b0cb8b867decf3202", "sha256": "6f6b9c8c9b4bddbebc2057445b7e443cbae34b4f031db5595034ce620a07a0f1", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/slider-min.js", "sha256": "6f6b9c8c9b4bddbebc2057445b7e443cbae34b4f031db5595034ce620a07a0f1", "sha1": "2952bef193d56b47f7e6c64b0cb8b867decf3202", "md5": "c837e59fe02b33eaecf9b3820d3e2df5" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/slider.js", "sha256": "6f6b9c8c9b4bddbebc2057445b7e443cbae34b4f031db5595034ce620a07a0f1", "sha1": "2952bef193d56b47f7e6c64b0cb8b867decf3202", "md5": "c837e59fe02b33eaecf9b3820d3e2df5" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ajaxUI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/ajaxUI.js", "md5": "fd171bf28ec63478d1518753b48d1a6f", "sha1": "3c03eae0b8013a49bbe43b3b39a433413e1657eb", "sha256": "be2e12523a17be35486700f28943e4b1790076eafee6a5fe553536a45aa28b56", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "resize-proxy.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-proxy.js", "md5": "80387392665490c6ba3f883d8d75b6f9", "sha1": "ffe21b232217ad3b811a5e8ac1031af4fb876fe3", "sha256": "9f0452a591a68b97f29444ca359c8cfb918f6969cee299a2063f725a25668799", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "element-delegate-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/element-delegate/element-delegate-min.js", "md5": "93f42f0bdc232edcd615426d3aa58fee", "sha1": "94991c24d6d2a5d2346450d022ba9557acc93591", "sha256": "3b6651c6ba69b0804d74c926782b5693a78d4a6177923442e88459c8e577269f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "report_additionals.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/report_additionals.js", "md5": "1a96cc220ca8ebfd7d712945f8be02c8", "sha1": "06897861177347e7aa61b1d694ea69433e85e621", "sha256": "50b87b23584e67d760ddedcd894ecdbd304c7c9abbf8aea8b856e618722972e6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "InboundEmail.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/InboundEmail/InboundEmail.js", "md5": "17c96c53293bfb777c9edcc24f9cd994", "sha1": "493022aac20169f7ef6faadca3ae61058a13e3ba", "sha256": "2586dd91010614fccc1e4e1c98c27d8573f41f3333d3166e9d29e2ffee3ff5fc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event/event-min.js", "md5": "b1ae2a2c366e02383e9afae30caaf4bc", "sha1": "1c3f7df5fd8cf5937bb26f0ca76d09dc3e87eb5c", "sha256": "9cade5e5c97c5f5ac2605552268645bb31e759a94d3566cce3c1a772e39c9be2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pluginhost-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/pluginhost/pluginhost-base-min.js", "md5": "60f7bd83bf00c8c72b7a9a166d75419a", "sha1": "963b15e35260e3a9012fa20cea13d0d85b5249ab", "sha256": "5dae1512d9971c609686cfb85ed26faf7e1907a164a53477c6cbf6ea164a08b2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost-base.js", "sha256": "5dae1512d9971c609686cfb85ed26faf7e1907a164a53477c6cbf6ea164a08b2", "sha1": "963b15e35260e3a9012fa20cea13d0d85b5249ab", "md5": "60f7bd83bf00c8c72b7a9a166d75419a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost-base-min.js", "sha256": "5dae1512d9971c609686cfb85ed26faf7e1907a164a53477c6cbf6ea164a08b2", "sha1": "963b15e35260e3a9012fa20cea13d0d85b5249ab", "md5": "60f7bd83bf00c8c72b7a9a166d75419a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-filters-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-filters-min.js", "md5": "5f3306a6487333f7d781f8c2a3bb32c6", "sha1": "f8e5f35e97fd0758a26fcaa8cab7248739650ce3", "sha256": "dcc2e9bb3209045a6cc8d0fcf3e682bc1a8c6f6ff972265754cfca2d72f851ac", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-filters-min.js", "sha256": "dcc2e9bb3209045a6cc8d0fcf3e682bc1a8c6f6ff972265754cfca2d72f851ac", "sha1": "f8e5f35e97fd0758a26fcaa8cab7248739650ce3", "md5": "5f3306a6487333f7d781f8c2a3bb32c6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-filters.js", "sha256": "dcc2e9bb3209045a6cc8d0fcf3e682bc1a8c6f6ff972265754cfca2d72f851ac", "sha1": "f8e5f35e97fd0758a26fcaa8cab7248739650ce3", "md5": "5f3306a6487333f7d781f8c2a3bb32c6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-get-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-get-min.js", "md5": "ff7050aafdb2e508a87c6a4b97bfb47a", "sha1": "fdf998cea03eec1b65586ee6a6b025e1c6def668", "sha256": "9ca484b9c29b2155d1963d1e79dc9139257f1313de5e31da6f229506ddea4862", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-get.js", "sha256": "9ca484b9c29b2155d1963d1e79dc9139257f1313de5e31da6f229506ddea4862", "sha1": "fdf998cea03eec1b65586ee6a6b025e1c6def668", "md5": "ff7050aafdb2e508a87c6a4b97bfb47a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-get-min.js", "sha256": "9ca484b9c29b2155d1963d1e79dc9139257f1313de5e31da6f229506ddea4862", "sha1": "fdf998cea03eec1b65586ee6a6b025e1c6def668", "md5": "ff7050aafdb2e508a87c6a4b97bfb47a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "style.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/themes/default/js/style.js", "md5": "a466273413fe8c859e8e23d012a51aaf", "sha1": "26d435fd843b83ccd6dc13bd661d499a7826c497", "sha256": "6653ae0a7318a63b3a9d67d8090f4dd22182dce8be5964a8578469c7f105a6cc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "shim-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/shim-plugin-min.js", "md5": "27155c30875b6eea4ba1bae1b1a0e7ca", "sha1": "d790a2664b5a663f61b10ee0b2b67dba8fbd8549", "sha256": "7fc8b676eb2077e28afb1f802b695a1e023a55bcb06503a177ea685869066e2d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/shim-plugin-min.js", "sha256": "7fc8b676eb2077e28afb1f802b695a1e023a55bcb06503a177ea685869066e2d", "sha1": "d790a2664b5a663f61b10ee0b2b67dba8fbd8549", "md5": "27155c30875b6eea4ba1bae1b1a0e7ca" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/shim-plugin.js", "sha256": "7fc8b676eb2077e28afb1f802b695a1e023a55bcb06503a177ea685869066e2d", "sha1": "d790a2664b5a663f61b10ee0b2b67dba8fbd8549", "md5": "27155c30875b6eea4ba1bae1b1a0e7ca" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-number-parse-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-number-parse-min.js", "md5": "34972c4fc8cf60e5afd02a1d1b4824ef", "sha1": "3b2d5acbc5afb408e5e9e96c85b23e13e37c79f8", "sha256": "42e7af7f5c605f7e00125302de2279a3f8e058df23dea2479a3578e004f1c2d3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-number-parse-min.js", "sha256": "42e7af7f5c605f7e00125302de2279a3f8e058df23dea2479a3578e004f1c2d3", "sha1": "3b2d5acbc5afb408e5e9e96c85b23e13e37c79f8", "md5": "34972c4fc8cf60e5afd02a1d1b4824ef" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-number-parse.js", "sha256": "42e7af7f5c605f7e00125302de2279a3f8e058df23dea2479a3578e004f1c2d3", "sha1": "3b2d5acbc5afb408e5e9e96c85b23e13e37c79f8", "md5": "34972c4fc8cf60e5afd02a1d1b4824ef" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "json.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/json/json.js", "md5": "25c9537873b157feaa9f404d63d07bf6", "sha1": "6913c4f3b76dba5c2e4120a9d34544d908b26985", "sha256": "41a127033a02e344e907f147ab9f61cc6656e521d05ea43dc1660246c9e91fb7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "studiodd.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Studio/studiodd.js", "md5": "89b2b2edddfc538ad4ab638d2cf98bbd", "sha1": "f50763c6fa5dc7dff7c367912898b9de7fd70dad", "sha256": "f003d548fbf4b13315344c0fd610981f5c2668811ed252e8f9c9408aec83ff8d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "scrollview-scrollbars-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-scrollbars-min.js", "md5": "e052dad6ef919607584c43ee7b5aa42e", "sha1": "e53980a99faaf5e8841e79e89cb7a1e960f34d21", "sha256": "4c68649e3cb3ef9f597f88524b6a555fd58bfd3205c02a1884b5c8a5d13aa033", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-scrollbars-min.js", "sha256": "4c68649e3cb3ef9f597f88524b6a555fd58bfd3205c02a1884b5c8a5d13aa033", "sha1": "e53980a99faaf5e8841e79e89cb7a1e960f34d21", "md5": "e052dad6ef919607584c43ee7b5aa42e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-scrollbars.js", "sha256": "4c68649e3cb3ef9f597f88524b6a555fd58bfd3205c02a1884b5c8a5d13aa033", "sha1": "e53980a99faaf5e8841e79e89cb7a1e960f34d21", "md5": "e052dad6ef919607584c43ee7b5aa42e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-xmlschema.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-xmlschema.js", "md5": "1ae58bcc8d038f2f60b1fabcd3363bba", "sha1": "f34c0576803aed0afb8a79df7c7820da4fc02302", "sha256": "554f11669d250c7889a9cb0deff8053a5d8b7f499cb905110093e16e43859fdf", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-xmlschema-min.js", "sha256": "554f11669d250c7889a9cb0deff8053a5d8b7f499cb905110093e16e43859fdf", "sha1": "f34c0576803aed0afb8a79df7c7820da4fc02302", "md5": "1ae58bcc8d038f2f60b1fabcd3363bba" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-xmlschema-min.js", "sha256": "554f11669d250c7889a9cb0deff8053a5d8b7f499cb905110093e16e43859fdf", "sha1": "f34c0576803aed0afb8a79df7c7820da4fc02302", "md5": "1ae58bcc8d038f2f60b1fabcd3363bba" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-GB.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-GB.js", "md5": "eeb211354408bf49f68a5e66cf92cfe8", "sha1": "19aa1eab62bd8fcc67b0a4013d9bb7029edf9dda", "sha256": "cf3401e1b98c2567634d369474e88c398f2634f3fcea7fc24de6f8ed360f5dc8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "polygon.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Areas/javascript/polygon.min.js", "md5": "88c68030af6b2ed0a1be070a38895d5b", "sha1": "6fa3928390fe62cff69895ff3baaef23eb523683", "sha256": "3e42937311113a2fd3143cc672557c3de60d625a3f48c8df8c755763d636e76e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/polygon.min.js", "sha256": "3e42937311113a2fd3143cc672557c3de60d625a3f48c8df8c755763d636e76e", "sha1": "6fa3928390fe62cff69895ff3baaef23eb523683", "md5": "88c68030af6b2ed0a1be070a38895d5b" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ru.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ru.js", "md5": "d3342c0c8d9cad200fb205017524f044", "sha1": "768e2cfdd26513ffe95f46a4a4a6fc1983ebbc9a", "sha256": "a7e7d3291522640dd787f8dd622a12258fb5f467dddd89eb8d55742ebf9c5d76", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarFieldFile.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/Image/SugarFieldFile.js", "md5": "2e02a82f47af6ac916e7b2f69244ef25", "sha1": "cbf90fe9bedb7ccc44651e92f1375625ce2b957e", "sha256": "a1bea85c9cfc46456faea8588734cd6bed1975ab14f1018747e21fb034f1eafd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dial.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dial/dial.js", "md5": "b05c74b91499525987eb6695428d1d27", "sha1": "b934a37e8ef8c9b4d109f2a9f15fcc8818814aab", "sha256": "04dbb255090e6138ff012cbc56a6b1af580fe8f900cb40104b98549ac464b4f2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dial/dial-min.js", "sha256": "04dbb255090e6138ff012cbc56a6b1af580fe8f900cb40104b98549ac464b4f2", "sha1": "b934a37e8ef8c9b4d109f2a9f15fcc8818814aab", "md5": "b05c74b91499525987eb6695428d1d27" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dial/dial-min.js", "sha256": "04dbb255090e6138ff012cbc56a6b1af580fe8f900cb40104b98549ac464b4f2", "sha1": "b934a37e8ef8c9b4d109f2a9f15fcc8818814aab", "md5": "b05c74b91499525987eb6695428d1d27" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor-tab.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-tab.js", "md5": "674623a8bf7b74382da07f6c27db57f0", "sha1": "038b460b7442557e90d35ac82af5a19d9d388950", "sha256": "8bf4a3ef351e8756a2e445214f0bd294372cea29be511cd1a0ca8c97e2ae4b67", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-flick.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-gestures/event-flick.js", "md5": "9581488baee1a123a5b25e79de22305e", "sha1": "9998e8f1d461dbeb91f1c063d8a7c2de0ead7605", "sha256": "b54426b0ed73721d95dbc698ed2f8c8c47c3fe946ddc803362d5bd94fc861b99", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-gestures/event-flick-min.js", "sha256": "b54426b0ed73721d95dbc698ed2f8c8c47c3fe946ddc803362d5bd94fc861b99", "sha1": "9998e8f1d461dbeb91f1c063d8a7c2de0ead7605", "md5": "9581488baee1a123a5b25e79de22305e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-gestures/event-flick-min.js", "sha256": "b54426b0ed73721d95dbc698ed2f8c8c47c3fe946ddc803362d5bd94fc861b99", "sha1": "9998e8f1d461dbeb91f1c063d8a7c2de0ead7605", "md5": "9581488baee1a123a5b25e79de22305e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "highlight-accentfold.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight-accentfold.js", "md5": "28454ba5e1d439a705beb5e5dfcf572c", "sha1": "8907e321d52fb49fc3ee078d5c200c463d889052", "sha256": "a330963158638504a10596b4e87f89690600bb84235a959926982087bf82362d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/highlight/highlight-accentfold-min.js", "sha256": "a330963158638504a10596b4e87f89690600bb84235a959926982087bf82362d", "sha1": "8907e321d52fb49fc3ee078d5c200c463d889052", "md5": "28454ba5e1d439a705beb5e5dfcf572c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight-accentfold-min.js", "sha256": "a330963158638504a10596b4e87f89690600bb84235a959926982087bf82362d", "sha1": "8907e321d52fb49fc3ee078d5c200c463d889052", "md5": "28454ba5e1d439a705beb5e5dfcf572c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_zh-Hans-CN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hans-CN.js", "md5": "526b4763e3d5507dba69199c22551190", "sha1": "9068bf63f1d8d66573a58ad1ac18783abbd6702a", "sha256": "c368bc9d295c80d0792809f71b9957b882611b276978ba3e14598b136a3e09fd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_nb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_nb.js", "md5": "d03a41c36ca606e60d14d75f7ad4c2b0", "sha1": "358a4c7441f2c25211169cbf61e2503d10a79299", "sha256": "4588ad6cac9a3f1d61068863909d823c22f4dad27651da2c46d0dcf7c7a71016", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema.js", "md5": "e830c3566de444c39e17a14e0e833747", "sha1": "0950de0ee7be770c86abb66022a4de9e994c762f", "sha256": "37be4290f2ea2ffaa32cd1d3444747900715ede246d114d91c5e7ba02bc66677", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-gestures-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-gestures/event-gestures-min.js", "md5": "6626cd618e69a4cc4245167931164824", "sha1": "a2589039c2e49c35695d4c1cc640a8e44a8057f5", "sha256": "b51a52a93bbecc062ac1a172a2059c1793ea2fa024dce4f387f8f7f12f7a9a3d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-gestures/event-gestures-min.js", "sha256": "b51a52a93bbecc062ac1a172a2059c1793ea2fa024dce4f387f8f7f12f7a9a3d", "sha1": "a2589039c2e49c35695d4c1cc640a8e44a8057f5", "md5": "6626cd618e69a4cc4245167931164824" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-gestures/event-gestures.js", "sha256": "b51a52a93bbecc062ac1a172a2059c1793ea2fa024dce4f387f8f7f12f7a9a3d", "sha1": "a2589039c2e49c35695d4c1cc640a8e44a8057f5", "md5": "6626cd618e69a4cc4245167931164824" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-hover-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-hover-min.js", "md5": "282221b0b22cd481c33dde90d66d2533", "sha1": "9f738e649d839b73ff25b86a53d0b162d0be9033", "sha256": "79a5a28f16cc12e9168f7657165f3a819344d3c8683e657b5bdeeb8c7ca76ab6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-hover-min.js", "sha256": "79a5a28f16cc12e9168f7657165f3a819344d3c8683e657b5bdeeb8c7ca76ab6", "sha1": "9f738e649d839b73ff25b86a53d0b162d0be9033", "md5": "282221b0b22cd481c33dde90d66d2533" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-hover.js", "sha256": "79a5a28f16cc12e9168f7657165f3a819344d3c8683e657b5bdeeb8c7ca76ab6", "sha1": "9f738e649d839b73ff25b86a53d0b162d0be9033", "md5": "282221b0b22cd481c33dde90d66d2533" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-function.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-function.js", "md5": "d916d4999245dd37619905fcc5579312", "sha1": "7741a21cb286ab9a625cf8c86634949298fc64a5", "sha256": "632aed2c7b728d0f4ac97b76b228c1e31650b594128685b8bca161514e8360ce", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-function-min.js", "sha256": "632aed2c7b728d0f4ac97b76b228c1e31650b594128685b8bca161514e8360ce", "sha1": "7741a21cb286ab9a625cf8c86634949298fc64a5", "md5": "d916d4999245dd37619905fcc5579312" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-function-min.js", "sha256": "632aed2c7b728d0f4ac97b76b228c1e31650b594128685b8bca161514e8360ce", "sha1": "7741a21cb286ab9a625cf8c86634949298fc64a5", "md5": "d916d4999245dd37619905fcc5579312" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/autolink/editor_plugin.js", "md5": "5091233229ffe517f075b787c5f388a6", "sha1": "363ad2a32d7190050a496ae08401e804b9288cc1", "sha256": "18206b88d18ca5915f9bfdf212466b62144e06bd111aa65957b58e7bdb11ac2b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-position-constrain-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position-constrain-min.js", "md5": "12c8f9f3b4b7ea6392eb13ec9fe21b19", "sha1": "d479f51148d2aa79c55e23f8a93b00512360ffb4", "sha256": "01aae2e0c1f2c87578767ccde212c9018a047bf59650506796401b441d74552c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position-constrain.js", "sha256": "01aae2e0c1f2c87578767ccde212c9018a047bf59650506796401b441d74552c", "sha1": "d479f51148d2aa79c55e23f8a93b00512360ffb4", "md5": "12c8f9f3b4b7ea6392eb13ec9fe21b19" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-position-constrain-min.js", "sha256": "01aae2e0c1f2c87578767ccde212c9018a047bf59650506796401b441d74552c", "sha1": "d479f51148d2aa79c55e23f8a93b00512360ffb4", "md5": "12c8f9f3b4b7ea6392eb13ec9fe21b19" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cache-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache-min.js", "md5": "14f90925601a9b1ffa466eafff99396a", "sha1": "9fe4c4058784be054ac009d2e7dfc84dd609fb5f", "sha256": "4442eada7887d61f6940008c5a98266e28da5b5fcd29f4e5faf37faf8594f0be", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache.js", "sha256": "4442eada7887d61f6940008c5a98266e28da5b5fcd29f4e5faf37faf8594f0be", "sha1": "9fe4c4058784be054ac009d2e7dfc84dd609fb5f", "md5": "14f90925601a9b1ffa466eafff99396a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache-min.js", "sha256": "4442eada7887d61f6940008c5a98266e28da5b5fcd29f4e5faf37faf8594f0be", "sha1": "9fe4c4058784be054ac009d2e7dfc84dd609fb5f", "md5": "14f90925601a9b1ffa466eafff99396a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history-deprecated-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history-deprecated/history-deprecated-min.js", "md5": "7b14ca4ff0f28b18d9055ecb27e3d5ae", "sha1": "e46f63f62057f5bbe3ed44da98d8e442418fb051", "sha256": "1c4d9466356ad90d32e4cbe337a06226432d82c9522bac948cc9b00c694d8330", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history-deprecated/history-deprecated-min.js", "sha256": "1c4d9466356ad90d32e4cbe337a06226432d82c9522bac948cc9b00c694d8330", "sha1": "e46f63f62057f5bbe3ed44da98d8e442418fb051", "md5": "7b14ca4ff0f28b18d9055ecb27e3d5ae" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history-deprecated/history-deprecated.js", "sha256": "1c4d9466356ad90d32e4cbe337a06226432d82c9522bac948cc9b00c694d8330", "sha1": "e46f63f62057f5bbe3ed44da98d8e442418fb051", "md5": "7b14ca4ff0f28b18d9055ecb27e3d5ae" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ca.js", "md5": "0981744f325b029a98946f848e524e37", "sha1": "693b8f2ed96905e9c4f9c2a473f41f883bb6ad4b", "sha256": "372855e0c9c609bff5266c2571138845d6c782b33b574b4b2959a30b7895f6c7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_vi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_vi.js", "md5": "2e4f44e9f5d0dde853438074e0a5758c", "sha1": "a38eedfc68d2c55a909a284c985570a0abc75568", "sha256": "284387e5012b2a20d8ef869a11fa2192f77f6e0338c533369aedd76414adacbb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-xml-format.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-xml-format.js", "md5": "088a14a6822f583187dac408cf6d43bd", "sha1": "a47bcc3284ec388696ea973625aa37ca6bc6c1f5", "sha256": "aee72de6f38a2c19aa9f8569349db77d2bbda374adba92091753c964e056e52d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "intro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/intro.js", "md5": "06f92ae14493a30ab0c48d4e4f5e51c8", "sha1": "57cb0fe440bc88a9fbbf6fa2753b0a79bffa9448", "sha256": "4c988b82288400d27f1f772b14a54872f81294949c767258acc17ab29fdd0a41", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ACLRoles.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/ACLRoles/ACLRoles.js", "md5": "6ffefbcaddafa5cd5e9d327c31feee64", "sha1": "9da34f6c71084a9d82a746a770d19b7881a96242", "sha256": "d8418ba4525fba2bbd3dc1885f054561d646aba0dd1451715b69af4e090c6b02", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-list-keys.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-list-keys.js", "md5": "8a604f75e909367faee9861f0aaa5149", "sha1": "47589cf830df1977941e742c9ac5bea7d8b4a14c", "sha256": "38d7abc361e0d0a84ae9be0e1c2c42d05984fce9e76d57fc8b3db21bc02631ca", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-min.js", "md5": "8a5e9317dc48c11f4cf93e21210452a5", "sha1": "523ea4f476023b5ce58b2421f29cf99fc079dd3a", "sha256": "cf047e4c55845c8f924ec65caba4ba73dc48a8004e25597e0a57a96077706617", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema.js", "sha256": "cf047e4c55845c8f924ec65caba4ba73dc48a8004e25597e0a57a96077706617", "sha1": "523ea4f476023b5ce58b2421f29cf99fc079dd3a", "md5": "8a5e9317dc48c11f4cf93e21210452a5" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-min.js", "sha256": "cf047e4c55845c8f924ec65caba4ba73dc48a8004e25597e0a57a96077706617", "sha1": "523ea4f476023b5ce58b2421f29cf99fc079dd3a", "md5": "8a5e9317dc48c11f4cf93e21210452a5" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Email.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/Email.js", "md5": "cb8b07311d0232d2856646d118ffae4f", "sha1": "c937fd116eed29a45c776d6d9b62fd7229ace430", "sha256": "941e2473e6a72300d08c420e1516ceadae3368b3e6275ca56c39d8f67d024437", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_fr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_fr.js", "md5": "3f693fffff2a79c11a0ece139fc8744a", "sha1": "402861587285b1f7119838db054a59072953540f", "sha256": "cf4f989e48b788b0667bacc2230e7ba477f48d7e8fc63876adcd7f0019f689d7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_pl-PL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_pl-PL.js", "md5": "360dce4bca4361d610f9514151b2e5fa", "sha1": "2e715a987708aebc7dd13a0cfa3c3e0d84439a8f", "sha256": "62d4bc52e40621575cae25850f486e5ca464412246562c573727af7d0a273f7f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/nonbreaking/editor_plugin.js", "md5": "232f23a586f10bd8ddabf38d767113d4", "sha1": "50d892836f8020b32717aadf18170288cc8b9974", "sha256": "2986ea9443c9663cd05264a18e3075e01740b229bff6b11699926f24ddc95cf1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_sv-SE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_sv-SE.js", "md5": "acb0e79d654acdf3ef296b307b743d0d", "sha1": "5f18b1be65b02a806f6b394536a854aef9f73895", "sha256": "67bd270c5c74fcdc1eb2e43775ff952c68168d2ab0f06ce799b984ce7c8964bf", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "scrollview-paginator.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-paginator.js", "md5": "1f111c74c51b2b160bd4332244227ff1", "sha1": "c12280b08680e844963ad21668061045bdeada6d", "sha256": "4b54188be177eb7b5ae5067cd8b3814b6cf1b6704487db0a37d63eab9de249f7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-paginator-min.js", "sha256": "4b54188be177eb7b5ae5067cd8b3814b6cf1b6704487db0a37d63eab9de249f7", "sha1": "c12280b08680e844963ad21668061045bdeada6d", "md5": "1f111c74c51b2b160bd4332244227ff1" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-paginator-min.js", "sha256": "4b54188be177eb7b5ae5067cd8b3814b6cf1b6704487db0a37d63eab9de249f7", "sha1": "c12280b08680e844963ad21668061045bdeada6d", "md5": "1f111c74c51b2b160bd4332244227ff1" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-AR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-AR.js", "md5": "43ba2713faeab5e15d357bdaf46bd049", "sha1": "79d847043f2b16787f7507c22e76c3e15adaebe1", "sha256": "932eafb23f808235857fe3264701eb95f827f8e37d22cb62cf3e86c73e115822", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_id-ID.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_id-ID.js", "md5": "80ec14e8b1c16808d4e2244e3d5b6ea4", "sha1": "ddaddf4d62f8390f0fbb0c812465fe0494fa44a3", "sha256": "7e946f8fc446b4124129ea78ae64fd3ffcc6c18e3d45f0eb79361f505f01d0ac", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "arraylist-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/arraylist-min.js", "md5": "d8f2f98ca8b25f79f42ad6598bfe0fac", "sha1": "5ec61100120a0fecdcecb1a4596beb5bf905358a", "sha256": "3ca35ca3ceb8350f117627852c886064ac1dd16c0ca4d58e84d17ac866d056b9", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/arraylist.js", "sha256": "3ca35ca3ceb8350f117627852c886064ac1dd16c0ca4d58e84d17ac866d056b9", "sha1": "5ec61100120a0fecdcecb1a4596beb5bf905358a", "md5": "d8f2f98ca8b25f79f42ad6598bfe0fac" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/arraylist-min.js", "sha256": "3ca35ca3ceb8350f117627852c886064ac1dd16c0ca4d58e84d17ac866d056b9", "sha1": "5ec61100120a0fecdcecb1a4596beb5bf905358a", "md5": "d8f2f98ca8b25f79f42ad6598bfe0fac" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_vi-VN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_vi-VN.js", "md5": "1db19ed1c840bff6e2ad8ee05de38e0d", "sha1": "19f739a9dc3e273757deec115c4e20f92ee28111", "sha256": "0e223edd5643fd2b12bda7b748e6dccbc7f658e44a914b7f25b85fc3da0bab6a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "MySugar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/MySugar/javascript/MySugar.js", "md5": "f8b9a23c8e6b4e29d14ff30af10f7740", "sha1": "fee7fb3c82ae8156330bd2a0ec2e118fe16bd463", "sha256": "db2362c373bd04351266ef608879ca656a981bf6ffe34e33c93a8369a880c4f7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ca.js", "md5": "12d0d4c120af3c5044fae08d586f9ce8", "sha1": "d1ad236472ac7e3555ef1d30c1db677aaf83f9c9", "sha256": "50df2d2a318472ef227d4fadacdc99be706536ed87f468bd80d6e0dc2a82e8e8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dom-style-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-style-min.js", "md5": "35831b30546e61a92a65b333a85a49db", "sha1": "8ddabd5a7ba34538592af8f17e0d59a9750257ac", "sha256": "af3dce3cde5e0f382404eb734fe3207b7c73041856f2a1fe63129364ddf66d5d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-style.js", "sha256": "af3dce3cde5e0f382404eb734fe3207b7c73041856f2a1fe63129364ddf66d5d", "sha1": "8ddabd5a7ba34538592af8f17e0d59a9750257ac", "md5": "35831b30546e61a92a65b333a85a49db" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-style-min.js", "sha256": "af3dce3cde5e0f382404eb734fe3207b7c73041856f2a1fe63129364ddf66d5d", "sha1": "8ddabd5a7ba34538592af8f17e0d59a9750257ac", "md5": "35831b30546e61a92a65b333a85a49db" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-MY.js", "md5": "21afe7982346d75670ae5435a111bb4e", "sha1": "d7a6b5dab21d73549e0df0f6d359ff64de3c0acf", "sha256": "6e794aa33e5765941f2a9ce8e8f2a529fae640f7c40e1adc62fe0cd21311af08", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-pluginhost.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-pluginhost.js", "md5": "39ac48fd4e41bcf520857e865b92247d", "sha1": "c196881e02a11d248145996ba9bd42e8a679f489", "sha256": "6fd588d162b125d3674818152d56af585f038ae19b227b9ea19f844a716b44f3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-pluginhost-min.js", "sha256": "6fd588d162b125d3674818152d56af585f038ae19b227b9ea19f844a716b44f3", "sha1": "c196881e02a11d248145996ba9bd42e8a679f489", "md5": "39ac48fd4e41bcf520857e865b92247d" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-pluginhost-min.js", "sha256": "6fd588d162b125d3674818152d56af585f038ae19b227b9ea19f844a716b44f3", "sha1": "c196881e02a11d248145996ba9bd42e8a679f489", "md5": "39ac48fd4e41bcf520857e865b92247d" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "connection.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/connection/connection.js", "md5": "999c12b3b67308d9c0a527d69de21682", "sha1": "d2b18a811b6445345a7063519cd9079a0fde47c9", "sha256": "4c8e7088fbf0dde58ed2547717a2713d09118862148c1b8d2a11f1b8321e724d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yui-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-base.js", "md5": "a4463771815df2fe8809b39a24d52258", "sha1": "0f9ac7c608540d75a4198e2ee159473ea7fd5354", "sha256": "10258e52c97d43fca0cb70b8e7b97b395dec88dc58b54a1379693934b8880b77", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/directionality/editor_plugin_src.js", "md5": "9da7f763c6a1f1b7fc61582e7d454cc3", "sha1": "958d86df15b80332ead159ae0027405d89e49c71", "sha256": "4f253c51294f0268721bae467b335b5b061aceaf3d1940e1f04d9f53731ad24b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hant.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hant.js", "md5": "2207f953c556ae32d01655a75803e555", "sha1": "3984a94fc68b33213c9ce4f96552009404fc32e8", "sha256": "292633c4f5594444eb14f308ca3afb59f9e873a81af3951ae26733c398c98407", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ja-JP.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ja-JP.js", "md5": "9596fce5251b32d85b0b29103cf1ba5d", "sha1": "70543e0337645d2e9ec8429e9d7cdaae0d2bbd60", "sha256": "8b1f49ce808b8ebf7c080db71f2a98c02cd075de23952c501fb79e64a4c4d0c6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ro-RO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ro-RO.js", "md5": "714377ad1aad2ae1249b226d251b9973", "sha1": "cfa99171819e8636ce5a59d0673f35cb76ea6593", "sha256": "e941e3458f778db213b09e2df5115bf030e0c5ebabe55cf0f44219585c0f171c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/image/plugin.min.js", "md5": "2e6a2dadc50671f4d116230c6814a478", "sha1": "8edfc26130a2333d35d37d66cbb63f183bbe37a1", "sha256": "2275cdb58383417855c8cb715c41ed8affa4461491cfbf19b970971d18541562", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-sort_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/lang/datatable-sort_en.js", "md5": "245f3c1e70eff71b8201d087731385dd", "sha1": "c70aa35f5cb936481b8e112885cd2c110230bb69", "sha256": "7d2acd821ab7184bc8d53f8ac86f527b6cb3d35053dc09055dbb2e51dd74c449", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-custom-complex.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-custom/event-custom-complex.js", "md5": "8a130836a53013d0e70cc7a280d1a59e", "sha1": "6b0fc35ac3049b490c4ffdaac18e2ed50d76f546", "sha256": "ade3f51099fa57f89c702001614fb6e751e734c663289d72c4bfff30273e040f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-flick.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-gestures/event-flick.js", "md5": "1c72e7cfe79211737663c3f2dca247c8", "sha1": "4496477ae5e6f59271eaae0ba0b7d8ecf4265c62", "sha256": "5bc6a9814bd80152908453ab5fb3a3183ec79315d4b1f94d904ec28cf0b92b66", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.qtip.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/qtip/jquery.qtip.min.js", "md5": "6e870f6b75ebc21e6c364a1533832ada", "sha1": "6a52e136567c551080342f2fef538cb11201c613", "sha256": "caa912c34ff707259ec7d5c4f335fcf2d58f148d985702e140c1937acfc0c445", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/qtip/jquery.qtip.min.js", "sha256": "caa912c34ff707259ec7d5c4f335fcf2d58f148d985702e140c1937acfc0c445", "sha1": "6a52e136567c551080342f2fef538cb11201c613", "md5": "6e870f6b75ebc21e6c364a1533832ada" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "fr-ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/fr-ca.js", "md5": "333a401c2189dc751dc365b5f0b50e56", "sha1": "d31e80cf0a9bdf59354cc31be9f586e496fe63ca", "sha256": "98afac62fccc3c63e3631f0eea479f6dcc6c48c94561e7fb20f8174e04db3a4b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/textcolor/plugin.js", "md5": "ff76dd12efde3c20a321d00058535b3f", "sha1": "76aa1566460744177608de080a37f36c4d6f766c", "sha256": "258e3a92d83f57d98e58c65dc210a3d52096bc0276c4cd3258ef79eac56fc723", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-xmlschema.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-xmlschema.js", "md5": "4a9f283a6fd461205094f5e76de444ba", "sha1": "9eeb7399368eb79a236f1f3e19364f3c50dbb656", "sha256": "864127e22b972e555be4ce7860e7711b89b7202ea1f7f6cd5f73ca86740166ee", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dial_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dial/lang/dial_es.js", "md5": "60479cee8a453f7d4bc2addb78a7f372", "sha1": "065e7c22bd09136e91447c0f59ad76caf6369d19", "sha256": "3256de9415b44f324b9482f4b91d1f501d95576e82b9b4257d9f2b9f2b084148", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_pl-PL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_pl-PL.js", "md5": "b39f1ad6d9c01c11dd4e523389556c51", "sha1": "829a4dd7d47ed1696c8423248cd80d901a015448", "sha256": "bce944d99a3a8d2f50a9d24ddc65fc1236521e8d5dd6733fc079c29060b8f44d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_sv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_sv.js", "md5": "015f066e6989e8e3b6a2b7a579eef33a", "sha1": "fd46d47c5c9e125d2ece94454437e664d7014a42", "sha256": "92249f61e870af58d0becc07e3537f34797ee149d21774d32f33799cffc51504", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "profiler-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/profiler/profiler-min.js", "md5": "868b87d8388991b2f4d2729aa2b4913b", "sha1": "876cd3407d340363bbb7ef15421f907695546cec", "sha256": "d2234f8703871a3612a2b4f9caf07fb3941c5e765899018acf5f47cb29044abe", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/profiler/profiler-min.js", "sha256": "d2234f8703871a3612a2b4f9caf07fb3941c5e765899018acf5f47cb29044abe", "sha1": "876cd3407d340363bbb7ef15421f907695546cec", "md5": "868b87d8388991b2f4d2729aa2b4913b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/profiler/profiler.js", "sha256": "d2234f8703871a3612a2b4f9caf07fb3941c5e765899018acf5f47cb29044abe", "sha1": "876cd3407d340363bbb7ef15421f907695546cec", "md5": "868b87d8388991b2f4d2729aa2b4913b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "AOR_Report.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Reports/AOR_Report.js", "md5": "f18913334fc1470b2617081ae53602a5", "sha1": "ed7852ed4759087380f376f1be7cc2a49d23eda7", "sha256": "2f61a126119466656d8c3ad443091352f5465b44967e0807bf2e0c83d8a43f90", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.markitup.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/markitup/jquery.markitup.js", "md5": "60d248adc986c60386db84b4e62fd1ba", "sha1": "0972a0ed541a6009e3064fa0910535772758cfcf", "sha256": "b96a48970ec30e45246f63a87df1442533fac868c59c8aaa97b1beaaf75d9263", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarFieldFile.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/File/SugarFieldFile.js", "md5": "f8593de6fa0385afd8c04e766d0b9fa1", "sha1": "a2b07149b5339fe3d8eac89fdc3098313a60d879", "sha256": "1d3b940970d81a0c3dd9ecbf905cc84cc54c5470379605835c0ddb09d2da6879", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "studio2RowDD.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/studio2RowDD.js", "md5": "ce2a4bfa3dbaca4249d73df0bc5dfaad", "sha1": "8a0afe324ec24fe02e692f81fba0583a3a7ee989", "sha256": "b5a16f1f9f6bd29e08b03428d64a434a9fd979191c95f8ed7c4a683edd82657a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "mctabs.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/utils/mctabs.js", "md5": "bd062418b6a7e5007649421815021565", "sha1": "da9e10b2083e3041572049003d65688dedf557d5", "sha256": "7cea557d254ff35030f34ac12d0b81e97ebb36246be9e74bae3ee22909edf4bf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-min.js", "md5": "811e4280c8dc36ba2935fef6e62f7a0e", "sha1": "0ba0f4565ede5261567a41625bcff6f49ad699c3", "sha256": "8be2369c4ffdaa9a628446ee53594b9dbb61f2ca7870b123c5bcb597fc057b1d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event.js", "sha256": "8be2369c4ffdaa9a628446ee53594b9dbb61f2ca7870b123c5bcb597fc057b1d", "sha1": "0ba0f4565ede5261567a41625bcff6f49ad699c3", "md5": "811e4280c8dc36ba2935fef6e62f7a0e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-min.js", "sha256": "8be2369c4ffdaa9a628446ee53594b9dbb61f2ca7870b123c5bcb597fc057b1d", "sha1": "0ba0f4565ede5261567a41625bcff6f49ad699c3", "md5": "811e4280c8dc36ba2935fef6e62f7a0e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "AOS_PDF_Templates.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOS_PDF_Templates/AOS_PDF_Templates.js", "md5": "7fcfe37015e01fd38c820a4bb0cd781e", "sha1": "0a5546707a5eea658bb180c14dfeebfa5a03d019", "sha256": "d9ba27799f9e218b7d531817c702be376239066b267dcecacac4164310f47699", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dial.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dial/lang/dial.js", "md5": "cbe8b5a9a00724add59410bf7765821e", "sha1": "6dc5bad5c9a957651b47c5dc8b816c902786350c", "sha256": "86a2a37854ea66dafbcca14fa8cf503036e35a3355f9a41dc5f5e56b3e523a1d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-easing.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-easing.js", "md5": "063cde92f4962676221f61e05a53c6ab", "sha1": "38a7b4d784de7de6cb2ac6ffb55237255c9d6432", "sha256": "749f604078f00d1df5d8161406217361a34074defa6fa1efd3cc184854f80689", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-load.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-load.js", "md5": "52cf8822b11ccb82c3bdfa06018ad117", "sha1": "3fc5d95309baf6b4d0d1f4cd5e8fcea99c24b4b4", "sha256": "b56e041cf5a0b728b16e81191e73eed830e57af71ccfac7f5ffaee6aec7a1ac6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-load-min.js", "sha256": "b56e041cf5a0b728b16e81191e73eed830e57af71ccfac7f5ffaee6aec7a1ac6", "sha1": "3fc5d95309baf6b4d0d1f4cd5e8fcea99c24b4b4", "md5": "52cf8822b11ccb82c3bdfa06018ad117" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-load-min.js", "sha256": "b56e041cf5a0b728b16e81191e73eed830e57af71ccfac7f5ffaee6aec7a1ac6", "sha1": "3fc5d95309baf6b4d0d1f4cd5e8fcea99c24b4b4", "md5": "52cf8822b11ccb82c3bdfa06018ad117" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "respond.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/respond.min.js", "md5": "afc1984a3d17110449dc90cf22de0c27", "sha1": "b5aba40d65b0d6f85859db47f757ea971a0efd30", "sha256": "83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/respond.min.js", "sha256": "83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1", "sha1": "b5aba40d65b0d6f85859db47f757ea971a0efd30", "md5": "afc1984a3d17110449dc90cf22de0c27" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.blockUI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/js/jquery.blockUI.js", "md5": "4ef4f2476c42316941c34ed1034d44b1", "sha1": "5f068551e73e2248e5d0aae1d8df53301d1f01ae", "sha256": "ab866744f40607d863d7abd43c5986c0ea7825b5ba599e95b5d02556b6a68b63", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/js/jquery.blockUI.js", "sha256": "ab866744f40607d863d7abd43c5986c0ea7825b5ba599e95b5d02556b6a68b63", "sha1": "5f068551e73e2248e5d0aae1d8df53301d1f01ae", "md5": "4ef4f2476c42316941c34ed1034d44b1" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "studiotabgroups.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Studio/studiotabgroups.js", "md5": "f4e9b9173362342cb9523f3afe068ad5", "sha1": "5b0601b56fa76df6f209570103e6ae603b5baedf", "sha256": "822c2f973284e2247419b0eb47d105d0ebb4c24609b829df9f91750c3b60dcdb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "charts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/charts/charts.js", "md5": "6759db92d8e0f45997da06f25a778763", "sha1": "42dac89ab1d01c4017cc8a26e161b50d519c21bf", "sha256": "0e23a96c233f1424583bbdeae2444fc880664c5711b57e07816cc7beb85eb8ca", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/charts/charts-min.js", "sha256": "0e23a96c233f1424583bbdeae2444fc880664c5711b57e07816cc7beb85eb8ca", "sha1": "42dac89ab1d01c4017cc8a26e161b50d519c21bf", "md5": "6759db92d8e0f45997da06f25a778763" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/charts/charts-min.js", "sha256": "0e23a96c233f1424583bbdeae2444fc880664c5711b57e07816cc7beb85eb8ca", "sha1": "42dac89ab1d01c4017cc8a26e161b50d519c21bf", "md5": "6759db92d8e0f45997da06f25a778763" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "get-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/get-min.js", "md5": "f2662733b6be93b413604d8ac6834f84", "sha1": "5285e9e4824a2466d562f961c2891a7b9d019768", "sha256": "baa4d98d441374f0f3e8b9be4fc8d50b85c8e59507fce9f6ac461ff50a28fed1", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/get-min.js", "sha256": "baa4d98d441374f0f3e8b9be4fc8d50b85c8e59507fce9f6ac461ff50a28fed1", "sha1": "5285e9e4824a2466d562f961c2891a7b9d019768", "md5": "f2662733b6be93b413604d8ac6834f84" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/get.js", "sha256": "baa4d98d441374f0f3e8b9be4fc8d50b85c8e59507fce9f6ac461ff50a28fed1", "sha1": "5285e9e4824a2466d562f961c2891a7b9d019768", "md5": "f2662733b6be93b413604d8ac6834f84" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "DetailView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Users/DetailView.js", "md5": "a8e7e9b6469ab350fc32951f11500c25", "sha1": "8c034509edadcc6bd37b09ecb6aabe47f5b726b6", "sha256": "65759edd71b244295d800e336b9234c542d02ba6cec1a427f387a4897a2e23ea", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "prettify.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/filp/whoops/src/Whoops/Resources/js/prettify.min.js", "md5": "75d1fbe9771e432b36fa387bc561973f", "sha1": "60460f7dc13f791f084801c969d768799894d2f9", "sha256": "a2ae206579112903445f0c0d4b98f31ab901db28e8873dc7c81ce40a06372745", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_zh-Hant-TW.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hant-TW.js", "md5": "c51769d92b447fe9925952a922696b3e", "sha1": "6c7d140b60158ef0cd92ae87aeda1d97938a1b10", "sha256": "a361718d4d027f0ee94ba641ec77e6794dc83c9a66f2f57d82b84bc41a1265bc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "simpleyui.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/simpleyui/simpleyui.js", "md5": "916692c640440f8a86336cf07c1f7301", "sha1": "9a8fc12f93c5b755c83a17035147ffc62c51a052", "sha256": "2abf30087973fbe82e4ff6f48387daa84020d95c958c3f585363ee7422183413", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/simpleyui/simpleyui-min.js", "sha256": "2abf30087973fbe82e4ff6f48387daa84020d95c958c3f585363ee7422183413", "sha1": "9a8fc12f93c5b755c83a17035147ffc62c51a052", "md5": "916692c640440f8a86336cf07c1f7301" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/simpleyui/simpleyui-min.js", "sha256": "2abf30087973fbe82e4ff6f48387daa84020d95c958c3f585363ee7422183413", "sha1": "9a8fc12f93c5b755c83a17035147ffc62c51a052", "md5": "916692c640440f8a86336cf07c1f7301" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "bootstrap.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/bootstrap.min.js", "md5": "4becdc9104623e891fbb9d38bba01be4", "sha1": "6c264e0e0026ab5ece49350c6a8812398e696cbb", "sha256": "4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "bootstrap" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "bootstrap" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.5" } ] }, "packages": [ { "id": "pkg:javascript/bootstrap@3.3.5", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/bootstrap@3.3.5" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2018-14040", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "notes": "", "references": [ { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/20184", "name": "info" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630", "name": "https://github.com/twbs/bootstrap/pull/26630" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26625", "name": "https://github.com/twbs/bootstrap/issues/26625" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423", "name": "https://github.com/twbs/bootstrap/issues/26423" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html", "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.2" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2018-14041", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.", "notes": "", "references": [ { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/20184", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630", "name": "https://github.com/twbs/bootstrap/pull/26630" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423", "name": "https://github.com/twbs/bootstrap/issues/26423" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26627", "name": "https://github.com/twbs/bootstrap/issues/26627" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.2" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2018-14042", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423", "name": "https://github.com/twbs/bootstrap/issues/26423" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/20184", "name": "info" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630", "name": "https://github.com/twbs/bootstrap/pull/26630" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26628", "name": "https://github.com/twbs/bootstrap/issues/26628" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.2" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2019-8331", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.", "notes": "", "references": [ { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "CONFIRM", "url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/", "name": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/28236", "name": "info" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/28236", "name": "https://github.com/twbs/bootstrap/pull/28236" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/107375", "name": "107375" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "CONFIRM", "url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support&utm_medium=RSS", "name": "https://support.f5.com/csp/article/K24383845?utm_source=f5support&utm_medium=RSS" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "CONFIRM", "url": "https://support.f5.com/csp/article/K24383845", "name": "https://support.f5.com/csp/article/K24383845" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1", "name": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1", "name": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0", "versionEndExcluding": "4.3.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_zh-Hant-HK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_zh-Hant-HK.js", "md5": "fccf087cc0db6a165b9a3078f27375d9", "sha1": "6179986e9759ed77b6992ebf4c2b99444c04699f", "sha256": "3772fac6d2fc99ec559ef41866152bee172120bbb83122a32379920c82c9b2e2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_nl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_nl.js", "md5": "a466a94d5a0e5f928f0e4025121bd5c2", "sha1": "f40d75c52bb86d3ea4a9ea48134bd34c4c54f09b", "sha256": "4e62679c67318e06e798f908e2d6103318efe857e546630844522242033713e8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "imageloader-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/imageloader/imageloader-min.js", "md5": "5dcffdbd0d8e3e56a2f05f8968c901e0", "sha1": "6750acb327cb4440a9f5fbe2f6758917f6d7670b", "sha256": "c0460979bcc4fa86f6e5b56447ca0d3da640e5ab5d5cd6f666a98cca95929875", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/imageloader/imageloader-min.js", "sha256": "c0460979bcc4fa86f6e5b56447ca0d3da640e5ab5d5cd6f666a98cca95929875", "sha1": "6750acb327cb4440a9f5fbe2f6758917f6d7670b", "md5": "5dcffdbd0d8e3e56a2f05f8968c901e0" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/imageloader/imageloader.js", "sha256": "c0460979bcc4fa86f6e5b56447ca0d3da640e5ab5d5cd6f666a98cca95929875", "sha1": "6750acb327cb4440a9f5fbe2f6758917f6d7670b", "md5": "5dcffdbd0d8e3e56a2f05f8968c901e0" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-base.js", "md5": "1e413a035051a6b497c4f33e2eb5e264", "sha1": "8f3be1d525427ecf25c49fae2af1a67d2b9a9c92", "sha256": "5482dfbf4284841f51cb355dda9cc7ef64d07c429768f8bdea9087abc63ecc62", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "rating.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Surveys/javascript/rating/rating.min.js", "md5": "5cab9c748cf8c51b4937cb8e6cf0d306", "sha1": "43edd1a90167b1a80d4d87c002406f6cc460700e", "sha256": "7aab9f6eb1aed76aa48830946da1c8f0a3450c784688486080705cf99612e9d1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "scrollview.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview.js", "md5": "5b05416884cb82a059e30894eecadf77", "sha1": "8f51923495c9da5b466719b44f6a0a68be4ef9e8", "sha256": "e058b2b5fb2fef3e8131524d41858b4c73570bdff7a75ff4ef3684912af8cd1d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-min.js", "sha256": "e058b2b5fb2fef3e8131524d41858b4c73570bdff7a75ff4ef3684912af8cd1d", "sha1": "8f51923495c9da5b466719b44f6a0a68be4ef9e8", "md5": "5b05416884cb82a059e30894eecadf77" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-min.js", "sha256": "e058b2b5fb2fef3e8131524d41858b4c73570bdff7a75ff4ef3684912af8cd1d", "sha1": "8f51923495c9da5b466719b44f6a0a68be4ef9e8", "md5": "5b05416884cb82a059e30894eecadf77" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-datasource.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-datasource.js", "md5": "0446f0ded967a91dda3042eb82118ce1", "sha1": "7151a8cd2af1ea9df894cc75c9042f41ac3eba81", "sha256": "8b8091cc9a956cd5d0123255e824e519ae9b1d82d5e8837aa1434b211cbc6ef3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/spellchecker/plugin.js", "md5": "1d9ec544b5044276f4a73c7d53e36c19", "sha1": "9619c6595aea1bfdfdbbc0204299be02d11be9e7", "sha256": "5f01e8cd562a3e3ab27686911d006585265bdaed0a8b87f23b25fec640a80710", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tabview-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/tabview/tabview-min.js", "md5": "d726a6427cb3755a201619e9736d0028", "sha1": "7ee09caf58361e9fbb09336a146d95af81c589ca", "sha256": "d70ac9d34770e624b92d5797481af9c95d01095046b759533aa0af7f42450572", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-JO.js", "md5": "2645daae552ee8fc89a5d0aa4835ef40", "sha1": "2c4c509d57ac0d1125b1cec84886cbe2c44cd1ff", "sha256": "48aa8ccf62047b76476a6d0207b8fba3c8572334149f80a9760ba5e37ed4d211", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-ddm.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-ddm.js", "md5": "7011622eafe713dc5b34705d301c7330", "sha1": "40ce215c082040b5fd636c938f97094f6bdce058", "sha256": "8fce78fc6de48d09e266ed7462678d9d3d3e0db94a000c4a4d730d04ac68a174", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-AR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-AR.js", "md5": "86f46e61d0ae68895021932c8f409534", "sha1": "4d40f99642fca315bab16bfb7af00cddd2bff197", "sha256": "d4ef5b5ebe88b38177bcb52bac7822f1a13701e0f856718c864b5c40c7d58600", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_nb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_nb.js", "md5": "3a0307ab5fe6b9992fc7d4adb25d7a91", "sha1": "1c93382f582f5adf78fcce29f0994c05db44e6c0", "sha256": "c92ea982e6a646395e8a044914772778b6af95b178dd9f5737d86c4d350d8018", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/langs/en.js", "md5": "eff36a9433bccea2f3243b1465fe6fe3", "sha1": "f15dff2a502c0c261ef9ce313ec83c44d7e8acce", "sha256": "35e820dcf2bcc6818dbc5122c28b154d4e1643603e9fce7fb75f87cec4634c97", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datemath-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/datemath/datemath-min.js", "md5": "5cb1bb0564dfee5ca146b2101b75bf22", "sha1": "3b2e74890afc6046ecf5eb06fa42d91ac5ba56bd", "sha256": "6a0b25bb99b0eef5ddd7249ca1b1382e1b50103b86f16265d1a234d9754c43d3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/plugin/plugin.js", "md5": "84440fe8ec274ae42da7b76b3a1d2aa2", "sha1": "7f3a54454e557ba13aee1b9a556571883d732d04", "sha256": "c632bdde4997d1ec3fc1c94099a74f4452b07d42a3b5bc5c26a8a450596f3bd6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-custom.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-custom/event-custom.js", "md5": "6c9bf45da13c32ed4477160ba6c415f3", "sha1": "e0c2ded9d2a6c1ff2a593a645da88aea12481aa9", "sha256": "65b2a4f8f0b371f830c33292e40dbd1327351b55beb579c936331d5776d2c8a2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-custom/event-custom-min.js", "sha256": "65b2a4f8f0b371f830c33292e40dbd1327351b55beb579c936331d5776d2c8a2", "sha1": "e0c2ded9d2a6c1ff2a593a645da88aea12481aa9", "md5": "6c9bf45da13c32ed4477160ba6c415f3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-custom/event-custom-min.js", "sha256": "65b2a4f8f0b371f830c33292e40dbd1327351b55beb579c936331d5776d2c8a2", "sha1": "e0c2ded9d2a6c1ff2a593a645da88aea12481aa9", "md5": "6c9bf45da13c32ed4477160ba6c415f3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-synthetic.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-synthetic.js", "md5": "3bba116a41caa0eb90ab81d704bbdcb7", "sha1": "8813536c0bef5db0a03bdbbcb5040bd63fb145c1", "sha256": "e1af4bcae2503d5f1913bf583497c372cd16fe2b537a56d7a0e13216478b51a4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history-hash-ie-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-hash-ie-min.js", "md5": "966d4639358db9422ae4bb7346cbf6e7", "sha1": "82aa6844594dc229e3381eb3bd49c9183cb4f8db", "sha256": "3f4f04459addbd7ac9c2b36f144f723f9c20161af17a94242b588a371a507e0c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-hash-ie-min.js", "sha256": "3f4f04459addbd7ac9c2b36f144f723f9c20161af17a94242b588a371a507e0c", "sha1": "82aa6844594dc229e3381eb3bd49c9183cb4f8db", "md5": "966d4639358db9422ae4bb7346cbf6e7" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-hash-ie.js", "sha256": "3f4f04459addbd7ac9c2b36f144f723f9c20161af17a94242b588a371a507e0c", "sha1": "82aa6844594dc229e3381eb3bd49c9183cb4f8db", "md5": "966d4639358db9422ae4bb7346cbf6e7" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ru.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ru.js", "md5": "b0e2380c3fc3b56dd90fea5d41eb0f16", "sha1": "0c5711ca8fedd49eec09c0ebdc561cb24d4a8082", "sha256": "765e0eb6c4fb365d6e950f9dd1a964ec1f850159b13bd7a17344cae9acf853f3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-CL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-CL.js", "md5": "3a889d2a6d4a65e2d858d4bcf752952d", "sha1": "664affb3355fb264f9acf4bd11e417679e3dd682", "sha256": "eb2b6cb7c82963376eb5ad27ff5e2d5466b6e94aa895525c9649ae87669ff6bd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_zh-Hant.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hant.js", "md5": "2b516a2136ad19e7f8fc7ce858133fdc", "sha1": "d7aeebee5d89c81a3256831e8752734274656a47", "sha256": "cd733c6342bfd680f1ffb9820ca47139a89f3907957cef08a2d01459e5cab86c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-plugin.js", "md5": "8fddb09580fbe57520f3ec2fd2d21806", "sha1": "d95962dc1e11695756fa27a5ef6ddf7ebf00f072", "sha256": "d699f0150d197ed2856dd75daa9a410a9f48769f688825066afd917063119bed", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hans-CN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hans-CN.js", "md5": "38b9636d61af7f7e1953548c9307a45a", "sha1": "0e4088bdc474e89f5c8eaba59ef62da884b9f70e", "sha256": "af150dd079a86224dea626c612bb968a81a651d1fe0ae1d8f64a874b89e22ff3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.bipolar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.bipolar.js", "md5": "33125e9fd05982cf95f98b721199f2e2", "sha1": "d5b9218b239ff83c5e99d2036a1a106f84eff16b", "sha256": "c1718441a1b47ed15c2ce6862d81693bf3681493df2f63c5110e741cd8559562", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tour.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tour.js", "md5": "67b30f52ac034f137f929fc563559c47", "sha1": "b142d1e7cf351812acffcb35ee130a76e5e893af", "sha256": "e92b60baa20efa0a2e0cba1038ddcfa0a40c181bf46cfad81145741c1d4f89ca", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dataschema-xml.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-xml.js", "md5": "300a4d650df436d6bb9dc078e85d9389", "sha1": "019ce88905ee694988f1647f2797343e44cf4242", "sha256": "82c0bb85a529636d7c910e46002f87fb86b28d41372326a2e2ee7e7cc4317f66", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "EmailsComposeViewModal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/EmailsComposeViewModal.js", "md5": "1adf14bb17601ec368546a27b6af41e1", "sha1": "e344630d6806aa5a3d0259d343210cf4aa5d2efb", "sha256": "aca3e017da2a33e100540fa1108150c8d9dcb0737f85fc15f3bef23fbe43a7f0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "bootstrap.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.min.js", "md5": "5869c96cc8f19086aee625d670d741f9", "sha1": "430a443d74830fe9be26efca431f448c1b3740f9", "sha256": "53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "bootstrap" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "bootstrap" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.7" } ] }, "packages": [ { "id": "pkg:javascript/bootstrap@3.3.7", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/bootstrap@3.3.7" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2018-14040", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "notes": "", "references": [ { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/20184", "name": "info" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630", "name": "https://github.com/twbs/bootstrap/pull/26630" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26625", "name": "https://github.com/twbs/bootstrap/issues/26625" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423", "name": "https://github.com/twbs/bootstrap/issues/26423" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html", "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.2" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2018-14041", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.", "notes": "", "references": [ { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/20184", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630", "name": "https://github.com/twbs/bootstrap/pull/26630" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423", "name": "https://github.com/twbs/bootstrap/issues/26423" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26627", "name": "https://github.com/twbs/bootstrap/issues/26627" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.2" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2018-14042", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423", "name": "https://github.com/twbs/bootstrap/issues/26423" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/20184", "name": "info" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630", "name": "https://github.com/twbs/bootstrap/pull/26630" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26628", "name": "https://github.com/twbs/bootstrap/issues/26628" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.2" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2019-8331", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.", "notes": "", "references": [ { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "CONFIRM", "url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/", "name": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/twbs/bootstrap/issues/28236", "name": "info" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/pull/28236", "name": "https://github.com/twbs/bootstrap/pull/28236" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/107375", "name": "107375" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "CONFIRM", "url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support&utm_medium=RSS", "name": "https://support.f5.com/csp/article/K24383845?utm_source=f5support&utm_medium=RSS" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "CONFIRM", "url": "https://support.f5.com/csp/article/K24383845", "name": "https://support.f5.com/csp/article/K24383845" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1", "name": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MISC", "url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1", "name": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0", "versionEndExcluding": "4.3.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndIncluding": "14.1.0" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndIncluding": "13.1.1" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } }, { "software": { "id": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.4" } } ] } ] }, { "isVirtual": false, "fileName": "server.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/guzzlehttp/ringphp/tests/Client/server.js", "md5": "88d159b78be1b7fa9212209d4d38aef3", "sha1": "98616b32316b8c365d47211bc6ad13081c951910", "sha256": "b232eddc7abce54877b177fecd427834bd783835909cae4b42ac265443974331", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "hiddeninput.exe", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/symfony/console/Resources/bin/hiddeninput.exe", "md5": "3613d8d83b78ce3561680a447eb6a24a", "sha1": "995eb0e883c7adebcfadd29100d810cb7f882bcd", "sha256": "8fdff52a7430dba14fb97239c7fe414710991f16da269374e0936a1385f3a318", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "hiddeninput" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "hiddeninput" } ], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "EmailsComposeView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ComposeView/EmailsComposeView.js", "md5": "0b0646cfd75efa6a700128c1ea412ad3", "sha1": "e642df1e11883ae79163c38457921418b6b864d4", "sha256": "331148b3d20013ad117bf21928ebb6af674340392b0b92db0bf2aecebaf1e209", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_fr-FR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_fr-FR.js", "md5": "bee6bdd006e3350a78477248b24a9a36", "sha1": "ac9ddc02b7b1d712d5af9708f74982da27d12647", "sha256": "0640dfdfb6f964a2881674e13a348477295e7698d7cf7b63475deae222d7af8c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/iespell/editor_plugin_src.js", "md5": "6197421bd9a75291fa89a245fdca5f47", "sha1": "1929e8a6f1f5a533d28cac0cc67ab10571bbdf30", "sha256": "3deb830ccbdd9b2b7a02914b7e815d08e93ada98d8c587744dafd214ee3dac3c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.browser.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.browser.js", "md5": "72b3f95262ab3cfe599e97773de4c3a4", "sha1": "65b76679a031695e94c40fa41e13812133dddca6", "sha256": "8f0882827f9659f5c5cea4e266fbde7784c84cb395578c22b0653114197b6091", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/table/plugin.min.js", "md5": "b812ab8a7175bb13806144b039a40679", "sha1": "530a346ab4c1c130233ec5f6a4be69ca210917d0", "sha256": "e29a4ac4b5071d6fbd2aa9f7dc3864e92e6250ed484a077eb24694c687e2340f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "test.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/test/test.js", "md5": "a630d9d8ff554b2efe6f94d325ef4d2a", "sha1": "99a9982e368534cb6c072af64658f6f06e6b3374", "sha256": "ae93a21faf7351011e5c24f7b2fe9e64da3f21e67e1a8845e9191b54e7fe8dd3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pluginhost-config.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/pluginhost/pluginhost-config.js", "md5": "2e1989f96e84196e27156afc42a788ea", "sha1": "9b1b1b2c35d665333a2fbd94f38214dff0d924da", "sha256": "40f4b2487fdfac658464e56e6934db77693d57d239996334fe99efe86eb6d746", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_id-ID.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_id-ID.js", "md5": "95d7e9d985475e7c9618d5b88b6f29dd", "sha1": "ad0575825b49d68ace1e6d7e650d824fec6ecedd", "sha256": "33e62b8496a7493225baeeb1f966a6c0f5592fec2564c700c2b1203ec31fa602", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "main_lib.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/js/main_lib.js", "md5": "9cbbc1271c8fb839650ab8a136924c29", "sha1": "acc5b9707b05fe7048e533537a03172902456972", "sha256": "b614adb05064aab2b72777a54a6cf6f7d7a8f71dc89ad0143edf8b7a367d9bab", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/image/plugin.js", "md5": "196bc5b77501df492aa361742d6dcb6d", "sha1": "8d56f16dbd92e1d662154a03713524ca7deebf85", "sha256": "4c28d06c55def5f86302d7fc109e22b9eedd7eeebd92958a7267ece647b338ba", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "loader-rollup-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-rollup-min.js", "md5": "e08234a4c4cba9bdaef5d464909c3ca5", "sha1": "f0f60109993197ac2625b0dfb2770ab3414452fe", "sha256": "b06e1f1144b6502512f84b9b7a32035b751b06373e59714134fb551a2cf5d749", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader-rollup.js", "sha256": "b06e1f1144b6502512f84b9b7a32035b751b06373e59714134fb551a2cf5d749", "sha1": "f0f60109993197ac2625b0dfb2770ab3414452fe", "md5": "e08234a4c4cba9bdaef5d464909c3ca5" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader-rollup-min.js", "sha256": "b06e1f1144b6502512f84b9b7a32035b751b06373e59714134fb551a2cf5d749", "sha1": "f0f60109993197ac2625b0dfb2770ab3414452fe", "md5": "e08234a4c4cba9bdaef5d464909c3ca5" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/emotions/langs/en_dlg.js", "md5": "62c052504a77e4f4cec6d90ece0d76c4", "sha1": "43754690c276c7571b550b03baada6b4ebfa59ee", "sha256": "1de49dce2654a4f484198f446a68e26752a48612253d2e226a59dfc5b60cc117", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "queue-promote-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/queue-promote/queue-promote-min.js", "md5": "1b4921ed60918b28ca584431dbfff929", "sha1": "1d0f4a8a9c9db1408eb8ea109d84bdfb3957353f", "sha256": "d5e4315c1015be1457318fe13ab964ae12611aeea25aa672011a121912e7dbd7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/queue-promote/queue-promote-min.js", "sha256": "d5e4315c1015be1457318fe13ab964ae12611aeea25aa672011a121912e7dbd7", "sha1": "1d0f4a8a9c9db1408eb8ea109d84bdfb3957353f", "md5": "1b4921ed60918b28ca584431dbfff929" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/queue-promote/queue-promote.js", "sha256": "d5e4315c1015be1457318fe13ab964ae12611aeea25aa672011a121912e7dbd7", "sha1": "1d0f4a8a9c9db1408eb8ea109d84bdfb3957353f", "md5": "1b4921ed60918b28ca584431dbfff929" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_nb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_nb.js", "md5": "7dbb11c15c453d4a93ab983f80a309eb", "sha1": "7f849006c533c5c6dd1ebe7677ddfa8830d9d37e", "sha256": "ccc0203a0ca0a8525d23ff0c991ed9cc19a6c78bced3ac31d3b4754ddbe7823b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_th-TH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_th-TH.js", "md5": "57cf608f560380ba96bdf1c7df68889c", "sha1": "39ca7129fd260a0062de241e51c15548e4796bf9", "sha256": "32c68e05a4e0d76a947111507765feb2e17d49ca9efb0f2d61d6c721188c503f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "resize-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-min.js", "md5": "4f5815065a4823a09e91802de1a393ad", "sha1": "11921656b8e19e3d99f41894a646cda3853413e7", "sha256": "2873d772068f34133460febfae6b75de4abffa6cdaf52a771fd755f4c17658be", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize.js", "sha256": "2873d772068f34133460febfae6b75de4abffa6cdaf52a771fd755f4c17658be", "sha1": "11921656b8e19e3d99f41894a646cda3853413e7", "md5": "4f5815065a4823a09e91802de1a393ad" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-min.js", "sha256": "2873d772068f34133460febfae6b75de4abffa6cdaf52a771fd755f4c17658be", "sha1": "11921656b8e19e3d99f41894a646cda3853413e7", "md5": "4f5815065a4823a09e91802de1a393ad" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_fr-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_fr-CA.js", "md5": "65b1819e9ee8ab9d950626fd7586847d", "sha1": "7991f2c9e894765c4532e1cea2f32f59b4091101", "sha256": "f9fbc4308ca61db471ae11843d2477a6ccb7cdd13ef73e64c90e5537eafb4409", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "range-slider.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/range-slider.js", "md5": "60f8c54a68aa36235c2c425d61da13eb", "sha1": "76633339dd7d790bb7558d4e1b6ea6e12a93186f", "sha256": "ec70bb00c8cffbff9214f3d78a0ee3dbdf043aa5460ed96ce29ce38506a500a8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yui.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui.js", "md5": "c195c23bd0541d89514ac7912fa99aa1", "sha1": "66e2758fc5064cf25969c6ffd42ba9677d45506e", "sha256": "7ee67fbe51e9d6559f2e6376957668572c494d0d93952f75eafc0b81800d6218", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_fi-FI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_fi-FI.js", "md5": "d1c30b43393f9a27b81123f2e25a25fa", "sha1": "d968350206ca536b1ad84554ef59b747881a9fe4", "sha256": "86d00a41d28217d7b568681757955aaa23ba2e1f11778ac5b7fe6fb3f8e23504", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ru.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ru.js", "md5": "df942c469c77560b20892bf9c1deedbe", "sha1": "60a1402aa49b81057e2e97bce81fd74b38340348", "sha256": "13b08587f6257607d57c9841624af1ff24890aef1e5eac5e9000361fe73cb5a4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-mouseenter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-mouseenter.js", "md5": "5625e71659244453a85f76e04d56d75b", "sha1": "c079f0b65f29783ca5984ff7d07306168174b824", "sha256": "13c250783c1547c891602853ea4979d1a04a1c06b38d3894296f42444c73b528", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-PE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-PE.js", "md5": "a5bc3d4c496bf2cbc002c0c6e44a7e35", "sha1": "6f7f7356d12bb630886224ae375869e441bfd991", "sha256": "78284c54ec34b11b11ed73ebc7c9cd5dec7940bc3e45e1de01baf63aad40986b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "popup_parent_helper.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/popup_parent_helper.js", "md5": "91a910888e16615edda57b3ea25ac027", "sha1": "1da4addbbef9d92caae3b7886a3c7e9511bb26cf", "sha256": "28ecbfc75780cd4c1adc3eeba3363f33ce096acd9d5ca20da32e5eb75d3faa41", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-jsonschema.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-jsonschema.js", "md5": "cfa4a055c4a4718f8627c33206abd2cc", "sha1": "5bc5c24405cafc28fa84db88df016d4162952c20", "sha256": "3b67aa899808ba1053a5b3a2a20fd0f271abc71e0275d825b7d209c62628811b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-style.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-style.js", "md5": "b2e315a8ba125ea192c8dd244b116da7", "sha1": "0b99550d8d5790ef207905cb4bf5361fb48cb04e", "sha256": "35cb382d3d8d5416391ed40c2b29558cfcdfdeb1162d7f2a1904352a49256477", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-style-min.js", "sha256": "35cb382d3d8d5416391ed40c2b29558cfcdfdeb1162d7f2a1904352a49256477", "sha1": "0b99550d8d5790ef207905cb4bf5361fb48cb04e", "md5": "b2e315a8ba125ea192c8dd244b116da7" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-style-min.js", "sha256": "35cb382d3d8d5416391ed40c2b29558cfcdfdeb1162d7f2a1904352a49256477", "sha1": "0b99550d8d5790ef207905cb4bf5361fb48cb04e", "md5": "b2e315a8ba125ea192c8dd244b116da7" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sk.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/sk.js", "md5": "5a673e711ea4d660d7c9afc56a891407", "sha1": "b4f20bb7ecd76ee5fb00b5d5923465bb3b67e10c", "sha256": "c3881d0cbdda0bb36cfd45834b14de89ee7f1843855f295dd39bad937db75b0d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/sv.js", "md5": "750fc74c1542846258005c49787afdba", "sha1": "9d51b9ef9df40233f936e337ef4b27e84324a348", "sha256": "b83854cfbcb86cdf5f047a4b61cb266b5b9bcfa96bc79a5790db5df52a0c72be", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_template_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/editor_template_src.js", "md5": "8631a0806efaaeda5d69d984c95f3d75", "sha1": "05ba4d599bb2640f0e37f1d88caec8a96459c484", "sha256": "a9f669e1369d2c093bc2220ab7d40312f9a3f5453d7c992d04c28d0c7a8a9369", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/spellchecker/plugin.min.js", "md5": "28072159e4c75b3f838d7eb90f1a1109", "sha1": "bb9b0d5aa05afe4ddacaf8968a183be742bc4130", "sha256": "8a7d01e721e277635c944344683edb27d77264ac3277f8434373c8c4cbde5563", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-US.js", "md5": "01f11ae942331809bfdd643d2d1256c7", "sha1": "e39edd141db88ebc342bee2cd285498d1a678f98", "sha256": "eb88e64b21ff860ae73eb5ca0744377229baad7d2f94bfb05eca7742f8462fbf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/colorpicker/plugin.js", "md5": "22538c49f524050bd8300b44526abc2a", "sha1": "78c7fef4b62ef0ad504a08611742d74a16c2cd0e", "sha256": "5d89264c60c683718d0b0d83bddcd75a793ba4a312c66a1d5cd48c935e110076", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-CA.js", "md5": "b6f75c0e6ad1625286721319bf8a9fc2", "sha1": "1fa9dd18c161c2f77961f3aa7482865f46a1de3e", "sha256": "873e51728a237138e9e0a8af7f7be648dd06519d81935a8dc1831dad7776eee0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "progressbar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/progressbar/progressbar.js", "md5": "21f68881ce01ffdc4680cbe775d8afd6", "sha1": "d99d68678ec9f851e387d53b8491c14188926ba9", "sha256": "24b17da6ddf510fff2cd827b7cb7a9b058613f487cad42ee57996c562f1da4bb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-date-format-min.js", "md5": "836d9e73907ef7d37facd2c3a65f5448", "sha1": "a2c64af7f41dae418c9f464de9e86ea42f82caa2", "sha256": "e3e45f13557a3322a025bea3dd1c635c11301f7d3b4a71e259912b1e7ff55e1e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-date-format.js", "sha256": "e3e45f13557a3322a025bea3dd1c635c11301f7d3b4a71e259912b1e7ff55e1e", "sha1": "a2c64af7f41dae418c9f464de9e86ea42f82caa2", "md5": "836d9e73907ef7d37facd2c3a65f5448" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-date-format-min.js", "sha256": "e3e45f13557a3322a025bea3dd1c635c11301f7d3b4a71e259912b1e7ff55e1e", "sha1": "a2c64af7f41dae418c9f464de9e86ea42f82caa2", "md5": "836d9e73907ef7d37facd2c3a65f5448" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/nonbreaking/editor_plugin_src.js", "md5": "2a627ba28f653ca93dc594cfd742d7af", "sha1": "82ee91241a9132dc7d0fa4569d5eb0bdaa37e703", "sha256": "f7cb1baab0f7af3572f86235bcb547163d6aa5c77e325b0f035c2e72602c06a4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "json-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/json/json-min.js", "md5": "ceb9b6d97d7759acb14aa2e8f7bad95a", "sha1": "0772f933c84b22a384045250b4e2e53e0a15a74b", "sha256": "abd381cbb2a673666d67701dbc0720df928b08a512c486430d7e5dfe434754e0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/json/json-min.js", "sha256": "abd381cbb2a673666d67701dbc0720df928b08a512c486430d7e5dfe434754e0", "sha1": "0772f933c84b22a384045250b4e2e53e0a15a74b", "md5": "ceb9b6d97d7759acb14aa2e8f7bad95a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/json/json.js", "sha256": "abd381cbb2a673666d67701dbc0720df928b08a512c486430d7e5dfe434754e0", "sha1": "0772f933c84b22a384045250b4e2e53e0a15a74b", "md5": "ceb9b6d97d7759acb14aa2e8f7bad95a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "html_entity_decode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/phpjs/html_entity_decode.js", "md5": "5ba6eed789f2a2f171e5b8fa5cef04c4", "sha1": "481b46917bdcf3088392ceadc2f6a8db3cf2d022", "sha256": "724d112945f86298a0f961768468a8235293253b0ae30fa3cc2d3cecbdb62284", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "treeview.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/treeview/treeview.js", "md5": "82e385da272d9fc4718568899aab9577", "sha1": "40de3b9e3de29e46fff1d8526b1c1d55778b1f7b", "sha256": "5c555fac746e7609cda6e1b66b7e78050e0aa2e84715b87eec36c0798452b7c4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "d3.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/d3.min.js", "md5": "5bc245068b1b70d4c3eaef79045023e4", "sha1": "4cb68b0a6a11e6d7cf8f3712ab65a783fb49ea6c", "sha256": "76c39718d1c0a3fb321676b3b7e29306c0907919a5716d5728bd1b08ae0169e7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "highlight-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/highlight/highlight-min.js", "md5": "c586752ed1aea837601c0481809899b2", "sha1": "bffc16fd3d4931d851a7add4a5e804672e12225e", "sha256": "52fe466ec2c9c215f6f9c48353b9f00ad4d17084fad6d72f85dfeafdd1a191a2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight-min.js", "sha256": "52fe466ec2c9c215f6f9c48353b9f00ad4d17084fad6d72f85dfeafdd1a191a2", "sha1": "bffc16fd3d4931d851a7add4a5e804672e12225e", "md5": "c586752ed1aea837601c0481809899b2" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight.js", "sha256": "52fe466ec2c9c215f6f9c48353b9f00ad4d17084fad6d72f85dfeafdd1a191a2", "sha1": "bffc16fd3d4931d851a7add4a5e804672e12225e", "md5": "c586752ed1aea837601c0481809899b2" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dashlets.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/dashlets.js", "md5": "15cc98b943609e0350ea717f16a859e3", "sha1": "0ebcfe1e7b925695b60c03bd078cba536096102e", "sha256": "6fcfa298d1ccca92440399ca5d3c5dc2b40280b51e12382ab1d7c84efde13f1c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-proxy-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-proxy-min.js", "md5": "cc8de1d0399d2b9c50812c974395f653", "sha1": "cb9fad8b0840899307c7a26e14430f04d33ef552", "sha256": "87d2fcf8ced47370462a31f3c515557ef72ce42298129e063df915f020507629", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-proxy.js", "sha256": "87d2fcf8ced47370462a31f3c515557ef72ce42298129e063df915f020507629", "sha1": "cb9fad8b0840899307c7a26e14430f04d33ef552", "md5": "cc8de1d0399d2b9c50812c974395f653" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-proxy-min.js", "sha256": "87d2fcf8ced47370462a31f3c515557ef72ce42298129e063df915f020507629", "sha1": "cb9fad8b0840899307c7a26e14430f04d33ef552", "md5": "cc8de1d0399d2b9c50812c974395f653" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ar-ma.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ar-ma.js", "md5": "befaa9d4dbca1f4f91d59d040d641d25", "sha1": "09b3fa6878b1850db6607df32a6093197db3102f", "sha256": "8c818a429ad6463bc7cf67311f105db10bd6265c23962d2978f69d0fd57075c0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "grid.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/grid.js", "md5": "d6a9b9cd22dc3c1c8f291f826b11484f", "sha1": "156615053e0e7ab860ece785ef03f4e05bea716c", "sha256": "a5e68fec55d6a050688bfea601e56db39d4f8ab46d08a1a4fd55c353714109bb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sortable.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/sortable/sortable.js", "md5": "2c0a56110b0544bbdbb5589c74405ac7", "sha1": "98400ae65bb8f9843dd6f47396d59e4f859a54fb", "sha256": "b811e8a8ba35598d72c8d4dd2e7f6795be0be5aed9157404e269c21a82d456f4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/lang/autocomplete.js", "md5": "55810937328cfe0657ab1d53ce70ea8e", "sha1": "edeba8515865e6ad7a29a9791d3f91af8e189494", "sha256": "dc845f6b4902780eb6982a7e686b4b32b41d82dc1b53f2649acbfeadfb969d05", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-base-min.js", "md5": "143c718d71a588368ebbece96db011d4", "sha1": "4a19b663d16909bb8fdb04df9f5a3faaedc9c254", "sha256": "d4878ca99a0c2f03bafc6cf481003fee4477c7c17752dec691f44262e1952456", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-base.js", "sha256": "d4878ca99a0c2f03bafc6cf481003fee4477c7c17752dec691f44262e1952456", "sha1": "4a19b663d16909bb8fdb04df9f5a3faaedc9c254", "md5": "143c718d71a588368ebbece96db011d4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-base-min.js", "sha256": "d4878ca99a0c2f03bafc6cf481003fee4477c7c17752dec691f44262e1952456", "sha1": "4a19b663d16909bb8fdb04df9f5a3faaedc9c254", "md5": "143c718d71a588368ebbece96db011d4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-simulate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event-simulate/event-simulate.js", "md5": "a0ca4c384896e953e2695d6770500d44", "sha1": "712241178d782fdce97cdfff435bd41249296d42", "sha256": "dab5565944e3a45598fc0d89e8047b586cd044193b24578cb350d6863b1d1ac2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "profiler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/profiler/profiler.js", "md5": "2e18579d5addc106aa072a6a76844afa", "sha1": "669f0ffc8b75d91050c61bb531daa8a35ed396ec", "sha256": "561ab316806eece92ea3789e1919abf3f56274ca5f721b402f3c1e07812b624c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_de-AT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_de-AT.js", "md5": "3d71a93386aa8bd1447d036c3069e51a", "sha1": "7a8798e88323221e3706922fb38a2898be38595f", "sha256": "27f00a2e072b91c5eddb4ed1f2d97c312e27d6beb902a648c55ac0fdd1ac7057", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-min.js", "md5": "7c6d093e64abccd1f2056c59ffa346d2", "sha1": "b70df577943aa8d2ba5ee8ecebbc8eb12dbc20f5", "sha256": "9cee5439aa41226eeebf263a725d085269d749eb337bf1e86bfa732e29afc45e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-min.js", "sha256": "9cee5439aa41226eeebf263a725d085269d749eb337bf1e86bfa732e29afc45e", "sha1": "b70df577943aa8d2ba5ee8ecebbc8eb12dbc20f5", "md5": "7c6d093e64abccd1f2056c59ffa346d2" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource.js", "sha256": "9cee5439aa41226eeebf263a725d085269d749eb337bf1e86bfa732e29afc45e", "sha1": "b70df577943aa8d2ba5ee8ecebbc8eb12dbc20f5", "md5": "7c6d093e64abccd1f2056c59ffa346d2" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ja.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ja.js", "md5": "01110a4de0cdaa5bb2e2bee5752e395f", "sha1": "879e4eee9a0a0c0751fb08579914726106eb64b7", "sha256": "a6eb722126b1e5427eb3397813ca841f48a9ee03e889614cc855a8225947a527", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-AU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-AU.js", "md5": "20983e5560f5e0a1aaa4e278fb592a88", "sha1": "6fc1b396fb9242f0a06d09429331c9b8dbd11dc5", "sha256": "475413bd3c770d475b57fe93b67a1f31f6c82905a674b9c8eb806cb812cb2aa3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/legacyoutput/editor_plugin_src.js", "md5": "27afe8aa979578c824f9797560222ef5", "sha1": "b7372951658bd9c7402a16c381ccc405addaaf26", "sha256": "75f78e27eb1e9d23233b096cd11781ae90752acc6a0b8f30aeb567eefb446d00", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.highLight.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.highLight.js", "md5": "336cc69cbf2b83a81e12b150ed6c603d", "sha1": "9e8f2b5b5aee1f2e778b85a7b838514757f94182", "sha256": "c3e58e850ef1f89af05f57f2051d9e64d8afb4eedcbc7acc9dd8f93a15dd2405", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-css3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector-css3.js", "md5": "c35b5d6a2651f46ee1fe59ebb00c077b", "sha1": "63575c721e1aa6e72961f5171160c56153255f82", "sha256": "d1524234001663ab056acde77f2c34adaa1f28d4e7ed490ee541a4797e0f3076", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim.js", "md5": "ea89def18c5a203b0e5156083286183e", "sha1": "521711c3bbacc050d9c5545b2f62e753345f5f1b", "sha256": "fdd96b9bc49d7aaf60159d3894bd2afb5c2b8a4151fd6d3946ddc22ed593f4f9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.search.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.search.js", "md5": "47ce2e44ed2508e134f0f4ac9fb58757", "sha1": "5c8a57ac5a28f733a383cfd3ad768de04d3e1324", "sha256": "15f9f792960770269b6c242153c71f9c65c4565c9552639f5fc471c5b6a052e1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "DetailView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Campaigns/DetailView.js", "md5": "1396aec60d5e7a6737c455c4d8b39200", "sha1": "ca93a638d7a3e57d05ba04cc7b08d497dea5ef7f", "sha256": "36f20681de1af5c7f3dc6f243e187662f5075660e838961c6994889800223567", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/lists/plugin.min.js", "md5": "2232d989b7f8f2d36cba773714ffc350", "sha1": "474db553ba9b90710497b87087282d0546445da9", "sha256": "12524b8b7fe96efef4a5ebb29166744e905e8a448f83f49fc4790d8b630301e5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "oc_convert.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/install/oc_convert.js", "md5": "c25355868cd931d5b3f67b7406501d7e", "sha1": "b7ed688b099df31f8fb2f9a49989470ceebc50a8", "sha256": "a0dfaecbff2c00de37fcf43cdcc99db9c17e1c839547ef1008364c8d47d3fbd0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-screen.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-screen.js", "md5": "ea325161aab4efd439c708c9de647076", "sha1": "1d431e743c5483bdef46bfe3ef28792998f81690", "sha256": "ca7ebf1d01c899d650cb94d9aa95dd18af535a45cd6322bdd980e7871602fb1a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/lists/editor_plugin.js", "md5": "46ba57884d8fe05d92cd9d98d3bb00af", "sha1": "8794c63862ccb5fb2f8cf013d770f28d002a9cbb", "sha256": "f190a8d348050066bd9cbb493b40be7fbcc10cc5957f90a9bccea8a46b5c4703", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_fi-FI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_fi-FI.js", "md5": "aab2cb269644ab20bbb551c1d6bf4ef6", "sha1": "617b9dba7866ef89b5ad0ad62f5a7ef6dbe4f41b", "sha256": "8ac3d695083886ed4bc3f2fe6fe7711a8fa58231c6cf9631f571b42b645fd9f9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-MX.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-MX.js", "md5": "1cacdc1d96bc302c1432a268a790af55", "sha1": "7695f6eb6c21bf5140e1ac0a5e01096befd5e7ad", "sha256": "3b6200aee64347c2fb15fb1ad45497ef1248e4cd2f8bdf583c1611635605fd4d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_tr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_tr.js", "md5": "7395b6c60e8aa8bcc6fc6a2c1a6f0b54", "sha1": "c9b31f7bff78b4b3c92557d16827496066f09c86", "sha256": "04954b3c4b633a978545d3055118a69c29008aff193d354e3b4fc5b10370e2c4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "anim-easing-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-easing-min.js", "md5": "78f26f6ff0edee16a3f05627f26dd3b2", "sha1": "e07268b55e6c92ae14ea302b3aa75704a8d65fb1", "sha256": "1997ed9a8e2457806f1d61e12e3c8dadb5c142d199794e2c4cc0aae820c39157", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-easing.js", "sha256": "1997ed9a8e2457806f1d61e12e3c8dadb5c142d199794e2c4cc0aae820c39157", "sha1": "e07268b55e6c92ae14ea302b3aa75704a8d65fb1", "md5": "78f26f6ff0edee16a3f05627f26dd3b2" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-easing-min.js", "sha256": "1997ed9a8e2457806f1d61e12e3c8dadb5c142d199794e2c4cc0aae820c39157", "sha1": "e07268b55e6c92ae14ea302b3aa75704a8d65fb1", "md5": "78f26f6ff0edee16a3f05627f26dd3b2" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.waterfall.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.waterfall.js", "md5": "ac2a605d0ad60291a91cad367b95aadf", "sha1": "6889be96307f2b7ba83eba1ad0856bb82d0ff31e", "sha256": "9e87dc105affb527fbbcfac07be7d2dc1b64feb9e36ca2b3fb3e83c9d4fbc956", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-highlighters-accentfold-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-highlighters-accentfold-min.js", "md5": "6ea578e426aeb25d0364dd577baeb32e", "sha1": "210730d40a26db82c87eced80d3d9ab307ad106c", "sha256": "40485a375c92975873a94cd1acb5c4ceaa7c311e89da701608a9d0ba69356a1d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-highlighters-accentfold.js", "sha256": "40485a375c92975873a94cd1acb5c4ceaa7c311e89da701608a9d0ba69356a1d", "sha1": "210730d40a26db82c87eced80d3d9ab307ad106c", "md5": "6ea578e426aeb25d0364dd577baeb32e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-highlighters-accentfold-min.js", "sha256": "40485a375c92975873a94cd1acb5c4ceaa7c311e89da701608a9d0ba69356a1d", "sha1": "210730d40a26db82c87eced80d3d9ab307ad106c", "md5": "6ea578e426aeb25d0364dd577baeb32e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ar-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ar-JO.js", "md5": "58f3d287f078c785b704f3e68591b1e6", "sha1": "ee2fafed0856841923b2001f65e4adb5153d4ade", "sha256": "bafc3f817e9f8de321c8c8c22ff2bb997490690f346cef00789d924b93aa6e89", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-ES.js", "md5": "d324dd8c15fcaa3d9ceb103c71a02e29", "sha1": "be29b2615070f155b8b123cbeb87941ac7056b6e", "sha256": "f33a9bf3a54b2642c0bc0b7960a9578877449a2ccaeca34c864aa6baae656199", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-drop-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-drop-plugin-min.js", "md5": "9dbdf28e2b6c0cd397094d8a315c6edd", "sha1": "f76383a9619da32a5483de733b05876d28bac5b4", "sha256": "526d890a05552fb7a1ab197f16bdd1f4e2d27f3917d0fdd41e16114b4163038a", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-drop-plugin.js", "sha256": "526d890a05552fb7a1ab197f16bdd1f4e2d27f3917d0fdd41e16114b4163038a", "sha1": "f76383a9619da32a5483de733b05876d28bac5b4", "md5": "9dbdf28e2b6c0cd397094d8a315c6edd" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-drop-plugin-min.js", "sha256": "526d890a05552fb7a1ab197f16bdd1f4e2d27f3917d0fdd41e16114b4163038a", "sha1": "f76383a9619da32a5483de733b05876d28bac5b4", "md5": "9dbdf28e2b6c0cd397094d8a315c6edd" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-CO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-CO.js", "md5": "fe1230ff8cdc43f4e9d8f2498eb80db0", "sha1": "223dcbdf42d69a979658a75150411e9df0ebd334", "sha256": "0d570144669198ac7bdfdc7e256691516735359f435ac18003a5f67ef358e8f3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_fr-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr-BE.js", "md5": "52d04d8cf53c50f2f6892d1e419cf19a", "sha1": "88502e25fdc337ce7dac512afba8396ae433e4d2", "sha256": "457b149834305777f2723827c1ff6e9050c910a236f54cc67adc1b74b28669d6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.types.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.types.js", "md5": "fe59d17394c295aa337139d47f9bf243", "sha1": "0dbeb748425a6567fd6b3c626d45168b7440553c", "sha256": "19fcb87f2aa74b9abb658f0407c48e296babf6a3a28dc210416075a7d02f230d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tree.jquery.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Reports/js/jqtree/tree.jquery.js", "md5": "707ca8f2545fcf4ed6390130b70819e5", "sha1": "0a45c3e752c70dfcd8b4675e2fbc1b801d5f0c2b", "sha256": "fc6adc7db366dc73b90d86b63843a4e166fa04fcb2bdc4947cc4816ed59357d0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yahoo-dom-event.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yahoo-dom-event/yahoo-dom-event.js", "md5": "366eac96e298168d2c923fcb556fa259", "sha1": "63aa83b8b83f9569802c3b24819cc477f4b5fdf3", "sha256": "34e4be92ec5b080fa8861ec31ab78bf63baad3b2242b5975a38de8d2807857aa", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-synthetic-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-synthetic-min.js", "md5": "727e8fc8053397b5afb9efc1f98d764b", "sha1": "5288d7d8b3769ebe5c98e85d245cb7a34f392821", "sha256": "86569c8d0cec3134a4cd553f7de22b4940a8d7d7dcfd9d3ca4ccca23dc0e6f3e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-synthetic-min.js", "sha256": "86569c8d0cec3134a4cd553f7de22b4940a8d7d7dcfd9d3ca4ccca23dc0e6f3e", "sha1": "5288d7d8b3769ebe5c98e85d245cb7a34f392821", "md5": "727e8fc8053397b5afb9efc1f98d764b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-synthetic.js", "sha256": "86569c8d0cec3134a4cd553f7de22b4940a8d7d7dcfd9d3ca4ccca23dc0e6f3e", "sha1": "5288d7d8b3769ebe5c98e85d245cb7a34f392821", "md5": "727e8fc8053397b5afb9efc1f98d764b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/dist/jstree.min.js", "md5": "58ab0a8021329f118319f7cfbc3f096e", "sha1": "46bf6abfa1d11e5cfa1d0556ee4af2ce111d2c74", "sha256": "d4e18b613787d73c3acad7e74f9dacd967c4d91c2ff6d45298cdbd45faa79d0a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "resize-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-base-min.js", "md5": "cf7c0583336eb58aa1ba79b89312902c", "sha1": "687d0b6ee7002ff818360023fa64bf16483c0470", "sha256": "617ffa6a4a8399cf4f75af235c208f24a8b5951fe7ef379ba4e9bd504dfd10f6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-base.js", "sha256": "617ffa6a4a8399cf4f75af235c208f24a8b5951fe7ef379ba4e9bd504dfd10f6", "sha1": "687d0b6ee7002ff818360023fa64bf16483c0470", "md5": "cf7c0583336eb58aa1ba79b89312902c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-base-min.js", "sha256": "617ffa6a4a8399cf4f75af235c208f24a8b5951fe7ef379ba4e9bd504dfd10f6", "sha1": "687d0b6ee7002ff818360023fa64bf16483c0470", "md5": "cf7c0583336eb58aa1ba79b89312902c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-list-keys-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-list-keys-min.js", "md5": "a7fb300aec56c61edec10857ec1c7951", "sha1": "a226be4d49e97fba0b0c454358afea82c45d9357", "sha256": "f63efa6321b7b797bfc3b947f85f7656f5f311d80d395ca86dbbeba528d1695e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-list-keys.js", "sha256": "f63efa6321b7b797bfc3b947f85f7656f5f311d80d395ca86dbbeba528d1695e", "sha1": "a226be4d49e97fba0b0c454358afea82c45d9357", "md5": "a7fb300aec56c61edec10857ec1c7951" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-list-keys-min.js", "sha256": "f63efa6321b7b797bfc3b947f85f7656f5f311d80d395ca86dbbeba528d1695e", "sha1": "a226be4d49e97fba0b0c454358afea82c45d9357", "md5": "a7fb300aec56c61edec10857ec1c7951" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "base-build-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base-build-min.js", "md5": "7bc5a461febbf1d01bc706043ff212a3", "sha1": "1755346abc882c674ace076aee5c85f94228124e", "sha256": "acf2c1755912d727c20f3b2defc39da6343cdf3c40b5821a80451747d41cc890", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base-build-min.js", "sha256": "acf2c1755912d727c20f3b2defc39da6343cdf3c40b5821a80451747d41cc890", "sha1": "1755346abc882c674ace076aee5c85f94228124e", "md5": "7bc5a461febbf1d01bc706043ff212a3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base-build.js", "sha256": "acf2c1755912d727c20f3b2defc39da6343cdf3c40b5821a80451747d41cc890", "sha1": "1755346abc882c674ace076aee5c85f94228124e", "md5": "7bc5a461febbf1d01bc706043ff212a3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_hi-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_hi-IN.js", "md5": "737e53999cd48ff5c3f5d5a9631d2c19", "sha1": "20391bb0b1cfe7848654ed68c783480d2c31fb2e", "sha256": "30731b4eaee7927805804a038c07f91f806212c38e1e3c1babe6cc08674f1d91", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/media/langs/en_dlg.js", "md5": "9523fc123c577642000fd409bd862c3f", "sha1": "8a8ef44c0b544c7799e2e92284e9965693dca37f", "sha256": "7b2bb26bfb93a892ec4dd8cfb1bf47219ca3fe3490594dc2fd3fa5d2bd5ca06d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_nl-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_nl-BE.js", "md5": "bc947dc80295031fbd51ca7da9f23807", "sha1": "92ee8d767fd8285bcd434ac08fa92c9f00e41fc4", "sha256": "7ceae98984bdcb64bb2f1f4d530b527b57984c3eef1dc1995b0ecddd249f4b09", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "displayOneEmailTemplate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/displayOneEmailTemplate.js", "md5": "cd4c662f3a2fdf12aa032a4fcd02d926", "sha1": "4a6c4e4049381429808bb3b85c0ce570b340b5ba", "sha256": "1e555994aad3c8d6df843ed3a4d0a8866f055d3c00f98b63d702be06d480829f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "slider-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/slider-base.js", "md5": "0bbe4b9f263d9b7e832d9c103f0e949d", "sha1": "f6e9b12c91ca856dcc5f8b68eb4f64e762a483ed", "sha256": "61bb4f4b02769db70af70a3cf7102bb358de3a3fd0ca4fcb88038c3b3c63bd96", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.drawing.text.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.text.js", "md5": "d53abf5c779205549ddbedde6273827b", "sha1": "c81bde42633c86015d46632f5eee973552cdb0d8", "sha256": "bc41cbad0164d19594679337d061b4d60aab46cb1803ce9b4b8f433283649943", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "attribute-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/attribute/attribute-base-min.js", "md5": "5ee324344152811f842656eda212b9ed", "sha1": "f71f7afaa216470dd05e3456465110e9d60958f9", "sha256": "edc03a1d84d27f0666dd02bebeecab7d40d5da805bda71440d44c6de2f4b9381", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/attribute/attribute-base.js", "sha256": "edc03a1d84d27f0666dd02bebeecab7d40d5da805bda71440d44c6de2f4b9381", "sha1": "f71f7afaa216470dd05e3456465110e9d60958f9", "md5": "5ee324344152811f842656eda212b9ed" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/attribute/attribute-base-min.js", "sha256": "edc03a1d84d27f0666dd02bebeecab7d40d5da805bda71440d44c6de2f4b9381", "sha1": "f71f7afaa216470dd05e3456465110e9d60958f9", "md5": "5ee324344152811f842656eda212b9ed" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarYUIWidgets.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/sugarwidgets/SugarYUIWidgets.js", "md5": "4fe28ab3d365f10152a0c6a5aa4a3e54", "sha1": "47f2f0a57ac0cd5fd6139ed6e82be01b56804168", "sha256": "a9ff12eaaf679e4574648e60bfb2205b0a9cf47b3c4c8f38881f1207295cd89a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-skin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-skin.js", "md5": "18207ae006d86e7e8e50b81415813beb", "sha1": "736e0c0c6d77f6ac74eab8c914887ddbabde8431", "sha256": "3873db8ddac66cf61c34df4e5401d5b86b014cc23b541326f39f7b0bb08911f5", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-skin-min.js", "sha256": "3873db8ddac66cf61c34df4e5401d5b86b014cc23b541326f39f7b0bb08911f5", "sha1": "736e0c0c6d77f6ac74eab8c914887ddbabde8431", "md5": "18207ae006d86e7e8e50b81415813beb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-skin-min.js", "sha256": "3873db8ddac66cf61c34df4e5401d5b86b014cc23b541326f39f7b0bb08911f5", "sha1": "736e0c0c6d77f6ac74eab8c914887ddbabde8431", "md5": "18207ae006d86e7e8e50b81415813beb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "intl-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/intl-base.js", "md5": "4eb1b052e01545e6ab76f09cd91b8ecb", "sha1": "bcbcbe4df2af2072cb46cee0468b8bae3b4e0118", "sha256": "2453fe0f8568ad726e52cede19e065488361d9a5a96033445071851ed6ff87d8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_de-DE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_de-DE.js", "md5": "b20acd6d311a07addd1d7a3a3c1ebec6", "sha1": "129218b3b467c271679b7ae042088e8a0ff59d6f", "sha256": "c7fc1d17169d497110d27081a6bcae7bdab77e758ac108deef9593dd308d6149", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yui-log-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-log-min.js", "md5": "10d676ab6383e9180fafa3c6d859ee09", "sha1": "7b2fae613586106cb4592b573cfcbc3538c5bd71", "sha256": "4ee19d46804607fdd193e9e4d2f702c98603a85aa93a256353a88db16445b433", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-log-min.js", "sha256": "4ee19d46804607fdd193e9e4d2f702c98603a85aa93a256353a88db16445b433", "sha1": "7b2fae613586106cb4592b573cfcbc3538c5bd71", "md5": "10d676ab6383e9180fafa3c6d859ee09" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-log.js", "sha256": "4ee19d46804607fdd193e9e4d2f702c98603a85aa93a256353a88db16445b433", "sha1": "7b2fae613586106cb4592b573cfcbc3538c5bd71", "md5": "10d676ab6383e9180fafa3c6d859ee09" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "imagesloaded.pkg.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/qtip/imagesloaded.pkg.min.js", "md5": "33295ee6f8ce979b07784c055d85168f", "sha1": "9041d221e185e20a9ad8a963673e08f5f3a00b0e", "sha256": "36dc8b9435afd10824f0b7c0c75c86b425b78d350ab8945c088027df8d5d100b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/qtip/imagesloaded.pkg.min.js", "sha256": "36dc8b9435afd10824f0b7c0c75c86b425b78d350ab8945c088027df8d5d100b", "sha1": "9041d221e185e20a9ad8a963673e08f5f3a00b0e", "md5": "33295ee6f8ce979b07784c055d85168f" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "queue-promote.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/queue-promote/queue-promote.js", "md5": "9528f9c913ba542e9c863f5f4aee36de", "sha1": "28d0234e4ad1a89ab7ebd219324995a9120d9e30", "sha256": "524272f1f6006fd4063eb904deb89584273826e6baf472de8cfbdd538ad0f07f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_nl-NL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_nl-NL.js", "md5": "b5740479f4efb789cd5a082fdd402e80", "sha1": "ff92307f634c23e3174c7098268ccd618c7ade5b", "sha256": "1dd6a779f4a28a07d44b74db2f4cc1a966e5682ac5f4af5b14899f8d34929b85", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ca-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ca-ES.js", "md5": "da9b884df6a88ecbd54e4385c6fd54a4", "sha1": "f2161b9d32becffc74f9351332c374a896b22ed9", "sha256": "941f5de98f33634351103b5eced752af420dbc31de7c7f59cdc25065c795b89a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_de.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_de.js", "md5": "fd4c1dfd55ebc0c09b4cdbf35b8764f4", "sha1": "c9df0c2738a9a67d2f1247ebec8552c110e5662e", "sha256": "5b8618101c2c72bb90ad345c8fa76863a094919a3ebc530de1acfe63993e4995", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_fi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_fi.js", "md5": "9fbbf1ecb7512cf7a9845c23b5b937e8", "sha1": "55e405e5f91bd9032785c699411a5f7ef23a05c0", "sha256": "0e9b65f32ae1a42ec322b4f81ace827745017f9e3e9c375d043374212b8dcfcb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-number-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-number-min.js", "md5": "274872ae9283044848e475e0ab16e8ff", "sha1": "e32d9a969be17b7312556863a7ee0b742f38422e", "sha256": "5981412f41fba61948baafc1d47314470f0eb3f7c4109d84c19eb24e898c7499", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-number-min.js", "sha256": "5981412f41fba61948baafc1d47314470f0eb3f7c4109d84c19eb24e898c7499", "sha1": "e32d9a969be17b7312556863a7ee0b742f38422e", "md5": "274872ae9283044848e475e0ab16e8ff" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-number.js", "sha256": "5981412f41fba61948baafc1d47314470f0eb3f7c4109d84c19eb24e898c7499", "sha1": "e32d9a969be17b7312556863a7ee0b742f38422e", "md5": "274872ae9283044848e475e0ab16e8ff" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-UY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-UY.js", "md5": "d52852411fecf5640c7de40d7e03fa9c", "sha1": "a2770027248724e86087c0b9b186e96833ae4f3d", "sha256": "7bb89dc67f4fcd95f7559c9b9aa083f1bc08f2e7cb8b494713d7c9b3de6a166b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Node.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/Node.js", "md5": "3932d3c94081e6b06eca764d715d8336", "sha1": "7d7967013442e94a27247dcd2a6beb551fd7097c", "sha256": "34f89272e0972c9e60faafd76aeea0ea02821ef1b7f82b96bee98c1db5528a29", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-VE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-VE.js", "md5": "2849a5128b8c6c39d4f0b39421938309", "sha1": "d5536115bc627029243ff31ce84c1271f38cb79e", "sha256": "9757d41a4799381170407443659a54fb5fd4aa62666c300e63063586b1ffab36", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.thermometer.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.thermometer.js", "md5": "638dc445f1422124c06607e3909c2d3d", "sha1": "a56b23dea4a103581cf49f74901fc3eb4017fd8f", "sha256": "a23d01b63e3a248476c2a0f1963392dad10f39392dc7d8ef088cc54132c76c25", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/langs/en.js", "md5": "58c814313230f1dec07fe45ad5f304e5", "sha1": "827a9de94fd0fb78b82a1b77e0f44239d2154735", "sha256": "87fa99a1ecfaa4d46a57f68867536706d245a46eb2151e6cf48a3f46f7ac9e1c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Connector.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Connectors/Connector.js", "md5": "3ae7b5c07d91127a3982b07cebc7bfea", "sha1": "14d769ac24920373af2bb70eeecd5ca79f85501e", "sha256": "a7a1a92290f498f5dd42a07051b87f63ba1d45827a9499328c76d5682f37b8cb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Cal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/Cal.js", "md5": "68644cc43b4b8f8165027dffdcaae3b0", "sha1": "41d4e5994f6d37f0959c208c0ee281725fb9b559", "sha256": "485dbdac5d43d7b3895ca83bad4308a038dce5cd91eacdd67d15ae9b61776b9b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yui-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-base-min.js", "md5": "cbf67dcbfd7b733fcaabb463146325ee", "sha1": "781834df4cdd5ac4d85e63a142db4314cc58cd89", "sha256": "0028df3d8c3c25bd62b8372812a2d7e638e607c550b0401cb64f94799e22cb72", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-base-min.js", "sha256": "0028df3d8c3c25bd62b8372812a2d7e638e607c550b0401cb64f94799e22cb72", "sha1": "781834df4cdd5ac4d85e63a142db4314cc58cd89", "md5": "cbf67dcbfd7b733fcaabb463146325ee" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-base.js", "sha256": "0028df3d8c3c25bd62b8372812a2d7e638e607c550b0401cb64f94799e22cb72", "sha1": "781834df4cdd5ac4d85e63a142db4314cc58cd89", "md5": "cbf67dcbfd7b733fcaabb463146325ee" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/spellchecker/editor_plugin.js", "md5": "a00c8b76eb18f004208ae61643998a35", "sha1": "2fa7dfbe01b0f8d89bdd9ee0d5ccb2bc5ca28d22", "sha256": "518cb06524e1fcdec0573caf172954174cdebaf9debd70c1d1ff9cacd198a9ad", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-date.js", "md5": "ab5c24b52e8ff04ac33e22134b70061e", "sha1": "856bc34e67b01c8d59cd3f74d7d70b42dba15e63", "sha256": "24c094b2a960ebe0accb661069374c53c6284cb6c72b46310cfd628077cbfb2e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-date-min.js", "sha256": "24c094b2a960ebe0accb661069374c53c6284cb6c72b46310cfd628077cbfb2e", "sha1": "856bc34e67b01c8d59cd3f74d7d70b42dba15e63", "md5": "ab5c24b52e8ff04ac33e22134b70061e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-date-min.js", "sha256": "24c094b2a960ebe0accb661069374c53c6284cb6c72b46310cfd628077cbfb2e", "sha1": "856bc34e67b01c8d59cd3f74d7d70b42dba15e63", "md5": "ab5c24b52e8ff04ac33e22134b70061e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_sv-SE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_sv-SE.js", "md5": "4cada1eb2f2eea5f169b4a3b5fac1229", "sha1": "6aa8e4ab966e92d8a4f3e204fe5db3c34f52b8c4", "sha256": "d69bfe9dbb3b3d1a3914f6484c8e43d5fe784e14c510fd3671f63b623744d91c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-uievents.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-uievents.js", "md5": "9135aae388f56b21d562f6260457c06d", "sha1": "91ea739f26543ee38d1e12e15dfe6be68cc1fe4c", "sha256": "dc94d69f787531e64b0970526656217b5902047a8309ee95856dc02dbb3b9470", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_nb-NO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_nb-NO.js", "md5": "18d7abaf62158b9317eebd90bb0bc5bb", "sha1": "8db53984b549a2ccb54192fc55995456699d48db", "sha256": "90745018035483e34f638f8460885e4c388ab312a4f1ebd504cd5ff4817abad0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/print/plugin.min.js", "md5": "230c2ad9e6191079f2d5febba13eeaf6", "sha1": "1db19d22d314262fdf31ce0b835e1f24c37eec0a", "sha256": "20dbcb125c9b45e6a06911212d2d84011d2a9440759eb49cf7a0f41ffb889e21", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_it-IT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_it-IT.js", "md5": "e24f0be8d5f80a30b00d6e2658bbfa6d", "sha1": "07d04c1500323c4129c5e7d33d17d600dc4af974", "sha256": "f8e3a77f83d70b9dd3407cd54696524ad77e063554f985afdb1d5e04a02f1dcc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-SG.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-SG.js", "md5": "b85f52c8aeb27269d0b37b8161e80f85", "sha1": "1a6d3a4dbd3791d5ff9b7007828d729ebee5c6d1", "sha256": "88f1191dde7d05a26f953e60813d7db4a556c928ccba89690b9f7171fb7fd3be", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "gulpfile.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/gulpfile.js", "md5": "522b50014388415712a0726aca27f8c8", "sha1": "86d13659e5b8d9d31e712f1bbf6717f2ad53f85b", "sha256": "beb2f3342fa5ab51b4769f3b0d374ff6ec1f648fb0b93247492bf84cd6f75d68", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-base-min.js", "md5": "f6a5a65d2e9e0dbe8d9c5956495290f5", "sha1": "6717631bd07231ac17764a2a4f456f7634822765", "sha256": "1f60358182cf0a3067f778bbc0406ba5ab669d04c99b306b5f150a74104f7791", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-base-min.js", "sha256": "1f60358182cf0a3067f778bbc0406ba5ab669d04c99b306b5f150a74104f7791", "sha1": "6717631bd07231ac17764a2a4f456f7634822765", "md5": "f6a5a65d2e9e0dbe8d9c5956495290f5" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-base.js", "sha256": "1f60358182cf0a3067f778bbc0406ba5ab669d04c99b306b5f150a74104f7791", "sha1": "6717631bd07231ac17764a2a4f456f7634822765", "md5": "f6a5a65d2e9e0dbe8d9c5956495290f5" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_pt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_pt.js", "md5": "3f881624d4ce292160eb4c8f85d3ea01", "sha1": "c7f31850128e56f1b69814c3706586bf80d42d4e", "sha256": "3a49f439377247e453806ed1656261361bebaaa5faa38746c07f35847de70e3e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-delegate-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-delegate-min.js", "md5": "8bcf7ec5805faa24617104c1c4cc7176", "sha1": "d3740e7de20428d1ebaac8d699d4988a92c4fd6e", "sha256": "849c300fa56c2f5dbea7444d15b042be607d60188c21826b70365e708096f58e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-delegate.js", "sha256": "849c300fa56c2f5dbea7444d15b042be607d60188c21826b70365e708096f58e", "sha1": "d3740e7de20428d1ebaac8d699d4988a92c4fd6e", "md5": "8bcf7ec5805faa24617104c1c4cc7176" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-delegate-min.js", "sha256": "849c300fa56c2f5dbea7444d15b042be607d60188c21826b70365e708096f58e", "sha1": "d3740e7de20428d1ebaac8d699d4988a92c4fd6e", "md5": "8bcf7ec5805faa24617104c1c4cc7176" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "storage-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/storage/storage-min.js", "md5": "896f4543edb73d83ff11ac2ce209bddf", "sha1": "0b7a61341eb45762bdea4c9ee3fafecb505cea35", "sha256": "35a993c6b1f9880900e087b05ec191bbfc3802ed3e0cb23dd324cae6d297ae49", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-xml-parse.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-xml-parse.js", "md5": "43a3da4c1d9d56bb0d0524dedd48ae1c", "sha1": "9ae2c29cbd17fb96769a31898fe1f8e9812b1fed", "sha256": "4a66edbc208991fbd740916c259a2648269259ae0419e489f7637a7c2d9d661b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "JSTransaction.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Studio/JSTransaction.js", "md5": "23786c2f1fad96dd9f3381a63265e5dc", "sha1": "2f456adb9b21b2085be9aeba35c8bca82458b19b", "sha256": "f4d516401d7e5d453e0402af7cdfa59a4d8b7c0443dca762ac4dd6ce738d0d61", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_fi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_fi.js", "md5": "940315698c6d32d179cf83f4ab711dde", "sha1": "aa4d15c375bf6175e2eda01ecad69fccb11308a7", "sha256": "ed489ce4b4a36466d46f576a3bcfbfe538eb2467000e3cfbcfd8bb4675166fd6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_pt-BR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_pt-BR.js", "md5": "50d933d05a57344db2d35e94893416b0", "sha1": "68954a45c9b6379a6edb6c26fa7358aae45ae443", "sha256": "87ff452b083c05810bca5034795d78a46e703dac59f6814605087c5e41acf39a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "slider-value-range.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/slider-value-range.js", "md5": "6804500b388b392d0207bbe0c97899f4", "sha1": "d54fa9954156a1fb92508c5a79bd4f3078b399b2", "sha256": "99bf114f791692d34de76d0eb17f1b69fae7447cf9a05ab851788bf2adb1b27c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/slider-value-range-min.js", "sha256": "99bf114f791692d34de76d0eb17f1b69fae7447cf9a05ab851788bf2adb1b27c", "sha1": "d54fa9954156a1fb92508c5a79bd4f3078b399b2", "md5": "6804500b388b392d0207bbe0c97899f4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/slider-value-range-min.js", "sha256": "99bf114f791692d34de76d0eb17f1b69fae7447cf9a05ab851788bf2adb1b27c", "sha1": "d54fa9954156a1fb92508c5a79bd4f3078b399b2", "md5": "6804500b388b392d0207bbe0c97899f4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_fr-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr-BE.js", "md5": "f23940517738e3a308ddba6124383178", "sha1": "7cc392e2c19c3c26929073ed7c76bb17cef54d0f", "sha256": "3d50edb3287fe5b09ec1cb8529a5d767fb6f1c8deb99eef7bb7478c84017baae", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "qunit.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/test/unit/libs/qunit.js", "md5": "fe2d2c35f9a1a774f6a56594e9b92b95", "sha1": "e7f651fec77579328c40a42d96bacbdf4be3539a", "sha256": "f246b16b6139e64dc386944276cef1942e7442b84df17ceaaa4fa042ecba99e4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "get.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/get.js", "md5": "3d940b74f8a5b1a438d960ea6c1374e0", "sha1": "fe7197dd7ffc1a0f8bdbba86b3192ba7bfc59108", "sha256": "ef07a6b12c88f62a64b4f759f3f955deaff35f5821058bf78707b7a8a624f7af", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "json-parse-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/json/json-parse-min.js", "md5": "c458c0ea0aa7dd399272d663e8a3ee62", "sha1": "0cd23f2e9a024d488c81db05886b2edd9aa26356", "sha256": "f1e21ee3889e1f3fcd76c5360f653dabd91bf10fe4a46f7116bbbf1f1d03ee08", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/json/json-parse-min.js", "sha256": "f1e21ee3889e1f3fcd76c5360f653dabd91bf10fe4a46f7116bbbf1f1d03ee08", "sha1": "0cd23f2e9a024d488c81db05886b2edd9aa26356", "md5": "c458c0ea0aa7dd399272d663e8a3ee62" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/json/json-parse.js", "sha256": "f1e21ee3889e1f3fcd76c5360f653dabd91bf10fe4a46f7116bbbf1f1d03ee08", "sha1": "0cd23f2e9a024d488c81db05886b2edd9aa26356", "md5": "c458c0ea0aa7dd399272d663e8a3ee62" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pluginhost.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/pluginhost/pluginhost.js", "md5": "8bf9c833f0f00c814254ba614436d4d4", "sha1": "27fc9469bfdf26d6a74b09694ab27b47cdb269e7", "sha256": "c6edda2dffe346d7f3afec3bbceb47cb9c09d714dbade6981f466a2776e59eec", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-CL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-CL.js", "md5": "12fe715f833632258221496954409868", "sha1": "4dfdd4f007a2dd11c7417a799b772d1ebd34e203", "sha256": "c7f988fb6f2ba0eb6fea4818e50cb47e94be032bc9b5bffea927966211762c05", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dashlets.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/dashlets.js", "md5": "52a5a4e55d70ff8107c67ba13ab2e4ef", "sha1": "eedbb5278dee739f5508aad1a4c7febe4882c23b", "sha256": "28a5c49c6c22dee8220a0f2e0ae81cc388490bf3e67ad00f75d54d99f06deb7e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-focus-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-focus-min.js", "md5": "5d2dae82c681315c7c581c26ddf29c51", "sha1": "fa5d9b41903e4b2182e2acfee06dbdc1f00884c0", "sha256": "ef6314f17d19a65b9470d8250ff85496231c33dc9441b27a26a7ee9b192e70ae", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-focus-min.js", "sha256": "ef6314f17d19a65b9470d8250ff85496231c33dc9441b27a26a7ee9b192e70ae", "sha1": "fa5d9b41903e4b2182e2acfee06dbdc1f00884c0", "md5": "5d2dae82c681315c7c581c26ddf29c51" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-focus.js", "sha256": "ef6314f17d19a65b9470d8250ff85496231c33dc9441b27a26a7ee9b192e70ae", "sha1": "fa5d9b41903e4b2182e2acfee06dbdc1f00884c0", "md5": "5d2dae82c681315c7c581c26ddf29c51" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-highlighters-accentfold.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-highlighters-accentfold.js", "md5": "df993e9ae95faf8feee674517ea705cc", "sha1": "578e99cb531a1150363feaa402b2c94add7a8a97", "sha256": "780a4be3f4748e546aef98055446a573256bacc6ef6517512d81a7506b8a65de", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_fi-FI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_fi-FI.js", "md5": "d8f7cbd18b466d1a0161b05f64c54f8b", "sha1": "cff3da37126c57c45a30562aad39568bfe06ae45", "sha256": "baab6f712218dee3b944b0818548e8c16bb1324a9e8599f9d408a9c93d4c1ce1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_de.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_de.js", "md5": "e139f2d4e3c1279dd780fefe37a0fc0b", "sha1": "a741164f94b2bc51a8f2628d9abf542ebe7e0275", "sha256": "a103e3bb473a8dbe742e4ce99ba7ddd2f79528e2b7beb3179afa2e232a065cbd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_vi-VN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_vi-VN.js", "md5": "9a272fc92a284ce4138643cd8856eb0b", "sha1": "9af105f4dd8bd42d25681e495aaa58d385bc56e1", "sha256": "0cbae9c1e0566d787b634eba9ea1b4c9d22fa9b0384f31f9e3fd428349f62336", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-datasource-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-datasource-min.js", "md5": "2c488b996036a6a1219d34666d7c5a55", "sha1": "131e3c6e961b0d79fdbef2bdb0417dfa119123a9", "sha256": "8a73e2cc8025964cbcfe01e87a08da889beeaa3ac7a2d7f2403e1eada43c83f4", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-datasource-min.js", "sha256": "8a73e2cc8025964cbcfe01e87a08da889beeaa3ac7a2d7f2403e1eada43c83f4", "sha1": "131e3c6e961b0d79fdbef2bdb0417dfa119123a9", "md5": "2c488b996036a6a1219d34666d7c5a55" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-datasource.js", "sha256": "8a73e2cc8025964cbcfe01e87a08da889beeaa3ac7a2d7f2403e1eada43c83f4", "sha1": "131e3c6e961b0d79fdbef2bdb0417dfa119123a9", "md5": "2c488b996036a6a1219d34666d7c5a55" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-mousewheel.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-mousewheel.js", "md5": "13bf322df8b1264daaa44aca827134bd", "sha1": "2960f996767823f46eea164df316de330895b20a", "sha256": "30a379b011a2b3f7deb815d5636738af54b2c71bddfb0e33ab09fef418889cbd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-locale.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-locale.js", "md5": "4d789d4154ea6d2736d6240f472b34df", "sha1": "74935c65fbe6b8c8acb78282f6ead8e372c662eb", "sha256": "4fcf9d9b3c7c6a66f7e7777bc1e9fcf1702c8af0b17402757e29a95ed4f52d74", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/pt.js", "md5": "7dd3c845038e571a3e55ae31bcbff100", "sha1": "981970679eb4384cb8c1a54aa5c40e441ff0ea81", "sha256": "29fc0c79850768432bfcc435229a782b279c537c9f59bc92cc4142bb4f8cea1a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "init.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/init.js", "md5": "92ce172cf845e6f872de69160bfcfc9f", "sha1": "018acc4ec7e22dc6b0cffd2d8fb80c353f86397f", "sha256": "f316f29160f8a98493aa955e75837cbe7f689debedcaae8928a20c9303ca465d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_id.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_id.js", "md5": "c50f63a6a3fba8c9d615629e117222fc", "sha1": "d71ae11158a7738409ffd3ec1748a19f96d82cec", "sha256": "aad26107021e3d4119e891a037f98fbfd6e9b19e3c64495d1caab63e2e72084d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.showLoading.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.showLoading.js", "md5": "21fa741a8e3696ef90ab67f38fd11452", "sha1": "4d699f4caed743027304378c9f99c6cd475d3961", "sha256": "59a209ea506cd18f536996c2a38b3840e5c1ba65fdc67fdfd13bac284e12bcf2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "message-box.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/message-box.js", "md5": "98315706061128896f04ab3a7a12c7c9", "sha1": "44957682597e64a0b4856a8bce02b638f92c6f59", "sha256": "069706ada5a821f0a5b997907a03e27bc9a4fd71eed6067769f93bc409aa1d15", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "stylesheet-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/stylesheet/stylesheet-min.js", "md5": "1b5e9f73dd2f97519dc1bddf93080edf", "sha1": "d7d661987446dbf6ee49c65b707c80852e043af0", "sha256": "947a7a075fef0a1cf8908a37fb334f0fe7dbb44e7e65295bb84365cb826422ee", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es.js", "md5": "4f3e93c5cd80d9b1d47799c6bd2fdecb", "sha1": "505d3505c8b6b1a034f58f1db3240df2f8fbd868", "sha256": "fdcb9174678d8fc34e812cc603712bc709c4fdf97c59abc19990d067f4883bcd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hant-TW.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hant-TW.js", "md5": "5a778e48ced04c80cab07ef4b1290521", "sha1": "fc93ebaddced53a3c17b1adffe1d3c919743d2ef", "sha256": "5b9e174406689eb4d1de0f4083402ef88af78a67624fec79bf8a558aaf3c4b03", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "reschedule_form.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calls_Reschedule/reschedule_form.js", "md5": "f0bf2f12573284e093e286edb42411f4", "sha1": "c0671cd8397cf5b527ae45c28bed3efabdb67002", "sha256": "20376d4ffdd92f2f7834a8a39cdde17be472bda4dc7a06a3b643cb10443fa696", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-NZ.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-NZ.js", "md5": "2096a0e071d4dbc126d8bf686bb30d41", "sha1": "9988bc0a84893a08aac64098ddc4fa5d96a35dc6", "sha256": "cd10036098aea9e3c51e253ef27b19511cca057399465dcee7ea4b9bb3b418ee", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_da-DK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_da-DK.js", "md5": "6a16604e9289280331e6e62ba29dd11e", "sha1": "d2537d4c9833b8bdf4f9e63ed8447649827ebbc4", "sha256": "a89f1dc365334a35e7fa37139df918cb17c6596bf2b2e4ad19925f1527c11abd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-IE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-IE.js", "md5": "35efbdf46019fb050bff9c8678ecbce7", "sha1": "38636dbda18b50a77d894ebd212bb64deb96f853", "sha256": "052a752451ec0d993abb4622291f8c2b4d681003d9a62ea3de03142ee38b237d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "container.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/container/container.js", "md5": "740dc78060cc7ac248d727e58369306b", "sha1": "cdf652efb1e8a0251d0390075ee5a77fe76177df", "sha256": "d3d1566cb2f6325b7e71b7ac95a23f1424599ee22e9991e3d83fcc49deffa566", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "quickCompose.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/quickCompose.js", "md5": "64a9c4b3aebfa1dc1108ecef038e850e", "sha1": "76601d7fe8c83985a13d3c46fff205208e6eb2f6", "sha256": "2ea15d2dbd8f3d437dae19a0ee431dc813889906d50f4fc45364048454e83cd3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "button-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/button/button-min.js", "md5": "19c64b59b4eec374ab75a99d5aefca65", "sha1": "52f6732edffb5de3eec1c6d0bdaa5ae22750930f", "sha256": "821e11f17f4650b5e29741bdd991842b52d793849562ed41750d9507066d5b4a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history-hash.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-hash.js", "md5": "3ea79949203e55204ff9f0af717cb203", "sha1": "20220d92a5705acddbd0bc9ce690189672552c00", "sha256": "35c8b71be910d2536371eae231cbdb15cf48a2d13c928684042ee21b8890dcb1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.drawing.marker1.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.marker1.js", "md5": "987ca7c4251df6bac268f4a5f7bf43a4", "sha1": "d002452a3d65d350029694df14ca1533b10d503a", "sha256": "b177eeef720b9cda88d186d8acc86ac74705e578da3b3490958ace323cc36f64", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-base-ie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-base-ie.js", "md5": "3e038b0f3a234b1b57290d20b98badc5", "sha1": "b9a4756ef9f43ff573ef2c01db7e1fec67ae3adb", "sha256": "40652bfb9d8a6439805c4a99d6df029e246128f5e171878b4ef55c032cddcefd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "siteConfig.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/siteConfig.js", "md5": "e2743d62c2568621ef81b0df88190c8f", "sha1": "40a1d6818cd00eec9cc1b465bf4c1ab64983c1f7", "sha256": "4b8ccf86298beb6e88b66fbe1123c9a76939bc0609ee2bb630de269b66d8bc1c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "TVFadeOut.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/anim/TVFadeOut.js", "md5": "d1fc4b1340b7430688b0866493d11685", "sha1": "903e123e1f5bfe80c66092baf14a82ce49ecf21c", "sha256": "7400e17a96e97dfd22253cb0a45d5a51611750eef7626cb5b253533103755873", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "flashcanvas.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarCharts/Jit/FlashCanvas/flashcanvas.js", "md5": "b4345bb87df60d29e8283ae780c72a25", "sha1": "843f620f16fd6c0e8a3fe7bf8dfdffa20e1e91ec", "sha256": "17f4fe6015439e389f09981c64e561481eff00b1f68fe357b475fe31587081be", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node.js", "md5": "f728b45f9cff558b4ba228dfad423a62", "sha1": "b5a253aa107cc9884f3491a6aba602f00e5f393f", "sha256": "f20c86a2f2ad59843cea4c32b5560e76ba739883c7ac1fd23a0486b1e041b93a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "compat.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/compat/compat.js", "md5": "56740dbbc3f6bef79ce19dfa699f616e", "sha1": "198a922c02bb86948290d87298bcf5448b979910", "sha256": "f5be6c22d0171dc3c872b001295454e26bf95a8dfc2cbafe2fc27818346b79fd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ca-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ca-ES.js", "md5": "53a4df48161bb103fc8e0d8b4784fcad", "sha1": "d40bbb38b42d4fac68c0a37497dcf28b8acf7b6e", "sha256": "f53410e64132799568dba022498a426fd30c098b8d279930e09f67e2945a4f0d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_zh-Hans.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hans.js", "md5": "bf46499c1d64ed7778079ac5827e9fd2", "sha1": "27818bc8477cc07e0cf036c6eabaeaa40b29d495", "sha256": "a76519d13b9620021e84788edaa183736cb0c66ebfab0a14bee3926e727ddc97", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base-min.js", "md5": "f1db86a2ba7165ef33dc50494113e56f", "sha1": "4f47a79247e511fe0d736b7b48fc7c38bbda5e13", "sha256": "8441284197dbad087f5bf8bb247ec3da4c8a523e3586c9bfd4dbad6485604d79", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base-min.js", "sha256": "8441284197dbad087f5bf8bb247ec3da4c8a523e3586c9bfd4dbad6485604d79", "sha1": "4f47a79247e511fe0d736b7b48fc7c38bbda5e13", "md5": "f1db86a2ba7165ef33dc50494113e56f" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base.js", "sha256": "8441284197dbad087f5bf8bb247ec3da4c8a523e3586c9bfd4dbad6485604d79", "sha1": "4f47a79247e511fe0d736b7b48fc7c38bbda5e13", "md5": "f1db86a2ba7165ef33dc50494113e56f" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-AR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-AR.js", "md5": "646a6bf96ae1c743db3fc2c6aac9e681", "sha1": "1b514cbdc0249233bc722713f610a9e050d40438", "sha256": "e5d11d50281b3c247494ee14b82706dfdd6586c649e88b4faf708a66fcfb2174", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/lang/autocomplete.js", "md5": "84a359c5142e74d4f13c884d4361c8fc", "sha1": "58ccf33b0d267ae717a21b1ff695640b077ea5c4", "sha256": "03851321eee8e6845de936bc551989d9b0db0e2f3643553d8a65038123a66938", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ProjectTask.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/ProjectTask/ProjectTask.js", "md5": "4aab9926fb6c84aaff3cca7910333254", "sha1": "8ff67da1319ea68e388b49f209bf836a1d884aa4", "sha256": "988461af138920357c97ed553b5eda58faa3dc6812588fabdafcf141963ae31a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-US.js", "md5": "fdac6cf227ad0ea01bbd00edbb0ea1a3", "sha1": "40905fcd4c00c76a03cc2fe97e1362fdb8501f33", "sha256": "29b8c71f80fed56e2ee80510375c8a846c0e94f31329cae5103a461cf7df9d6f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "actionSendEmail.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOW_Actions/actions/actionSendEmail.js", "md5": "e919423e47a93740dc522e812815c156", "sha1": "1bea8ad87d5fc0b246285db24544d96946dd14dc", "sha256": "0d5ba92e337677d5fb72d2e4c004dc704b3ec3db543d93cdceab872241f28b41", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "DetailView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Users/DetailView.js", "md5": "dc2c0570507653dfcbc081346d2d5592", "sha1": "a1355c7e42d587780a7b41b639dd465b52c6cb27", "sha256": "ec528eade49c889cac6767a72aa628f8bf8ff6b5dd178aea5c4679df19ab124c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "license.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/install/license.js", "md5": "f61fb4318b36e427e2b83a80d765c6d5", "sha1": "d4de6685e949792b8a012727175ff041801dc802", "sha256": "080cc6faca2c2c4eb7a3897349569bad4e38a0a7fe517b1e31cfef8f2c788de5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-MX.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-MX.js", "md5": "93034e766c6902aa9f63fd0fb648f7d3", "sha1": "b9a87ff4ce76e0289d40616e9f759ecc39a1e8ff", "sha256": "2ba206da4bc0ba1ecbf36c60aa9ae2fb8dccd9b8a93b433bab8bdd76ab47a630", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.sugarMenu.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.sugarMenu.js", "md5": "6de12657e89b3b7a8b715d6ebe66bc86", "sha1": "3d3d3abaf1ea3f03c50e08913becb2d79bf4a7bd", "sha256": "cf60a033c9b07752b524ed211a0b1b6826d411d4d39c4e8be5353d4fe5beb498", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ro.js", "md5": "d774c148fa8208062afb1da9515ef0e7", "sha1": "8668a720c134ca6583f16f94b95f978b0ac25048", "sha256": "5a7f6a34ccd29e15440cefadaf586c66d573a186d16f87ec2e56bc90f4b16a4a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "MenuNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/MenuNode.js", "md5": "8d001c1014dc6755f150cd83c1dfe07b", "sha1": "4db651f007fe1bdcfe14b1f3b1b433f75000df63", "sha256": "01e652bb5b5887927674b46bf21dd8263595ad60fd2e35396a0720661321f277", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "pasteword.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/paste/js/pasteword.js", "md5": "10f73efbf570633989e2801d0b10de4f", "sha1": "601e486a2c139a8114c9bcb7109a85842e94a57e", "sha256": "e6615d2e87c5f0eda68c9d359312dad885ef377a4ca12734d37775fb1f9f9b53", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-valuechange.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-valuechange/event-valuechange.js", "md5": "58ac8760264fa4d19ad586771e6c6a2d", "sha1": "9181919fc5dbc9ef60ebf928546592b615cbe62d", "sha256": "7a5a6dd608d511609446e28ebce8ef6bbec04bf6597860cfa541996f1025efe0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-valuechange/event-valuechange-min.js", "sha256": "7a5a6dd608d511609446e28ebce8ef6bbec04bf6597860cfa541996f1025efe0", "sha1": "9181919fc5dbc9ef60ebf928546592b615cbe62d", "md5": "58ac8760264fa4d19ad586771e6c6a2d" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-valuechange/event-valuechange-min.js", "sha256": "7a5a6dd608d511609446e28ebce8ef6bbec04bf6597860cfa541996f1025efe0", "sha1": "9181919fc5dbc9ef60ebf928546592b615cbe62d", "md5": "58ac8760264fa4d19ad586771e6c6a2d" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_hi-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_hi-IN.js", "md5": "6ba62822377b773e7d6b55cc43722982", "sha1": "092bf9781249a9e21f40635a0d9170242a42394b", "sha256": "808bd690298e0425cab1122b47d121a4ee507e4a9e9d7d80abfd04854ce0209b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ru-RU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ru-RU.js", "md5": "2d4688c0f13e035437275be015d0c5fc", "sha1": "3e40a23472a200033c7b3d75471cde3f60d33448", "sha256": "20d8c8abb0e71378d3df3c9f39cd4d01d518e9bb6ad82f3a4f1e6fd84b302b6f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-mouseenter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-mouseenter.js", "md5": "943502b345b05d7b1351be7b7f89f14a", "sha1": "4442812f4324cdc5502ca5e507821c3afa31aadf", "sha256": "cc51bc0786491530093e3fa01903b910edf478756c85c7d9c6796265a91a62c0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-mouseenter-min.js", "sha256": "cc51bc0786491530093e3fa01903b910edf478756c85c7d9c6796265a91a62c0", "sha1": "4442812f4324cdc5502ca5e507821c3afa31aadf", "md5": "943502b345b05d7b1351be7b7f89f14a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-mouseenter-min.js", "sha256": "cc51bc0786491530093e3fa01903b910edf478756c85c7d9c6796265a91a62c0", "sha1": "4442812f4324cdc5502ca5e507821c3afa31aadf", "md5": "943502b345b05d7b1351be7b7f89f14a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "form_utils.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/utils/form_utils.js", "md5": "337d7e2efe224c1c7da72d40b612d0a6", "sha1": "245f3a6d2ba3ee6aa779d32559958d948aafc3fa", "sha256": "b35f577d486ddad48a056f07dc4285b65beb8db93b11233fdc57b91d90c0fc2d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-PH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-PH.js", "md5": "47ef232349e5a959072d588875d39557", "sha1": "5e31e891b59ca6beafed7e8360881c9e0c91c814", "sha256": "a6727556e6c018537e94c7dbe4ccf189636f7b6530de386705cf31b4759a1a09", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_fi-FI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_fi-FI.js", "md5": "4924c6fc3df00c1fa96019b2bef90b01", "sha1": "8c3b6b90ac0d3716a1b74193e39f220d6be259e3", "sha256": "7740482a8da674fa09133e0565e5d03e237a28c2a0241004d2b54f625c97df94", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/lang/datatable_en.js", "md5": "c6e4d6e46583fc3311ff07fa0b36f08a", "sha1": "db91085246b64d5546817fe5bd437b26a84e26d6", "sha256": "546112a821913449c50aaf56e4c4bbacaff2581e789acf36b90f1198e3b77b66", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en-ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/en-ca.js", "md5": "ff9baea76eddbbb17eb7668274d800ee", "sha1": "979e72420ef5b9cdaba722e87070279dc1c632ea", "sha256": "a82a608ffc343c49e79bdfb06591142fda55dcaa2645f15963421681f76e3f8b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-min.js", "md5": "764fc8ea23559eef3d1e5d803fafc3c1", "sha1": "78960a3cc1c8ba052d49ea64ce07a00b9f178efe", "sha256": "88f34b724e47b71eda89b0cb4d0340e38fd1fdef59fa7f90774ccb0f7c458841", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io.js", "sha256": "88f34b724e47b71eda89b0cb4d0340e38fd1fdef59fa7f90774ccb0f7c458841", "sha1": "78960a3cc1c8ba052d49ea64ce07a00b9f178efe", "md5": "764fc8ea23559eef3d1e5d803fafc3c1" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-min.js", "sha256": "88f34b724e47b71eda89b0cb4d0340e38fd1fdef59fa7f90774ccb0f7c458841", "sha1": "78960a3cc1c8ba052d49ea64ce07a00b9f178efe", "md5": "764fc8ea23559eef3d1e5d803fafc3c1" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-EC.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-EC.js", "md5": "44a2108b69e0d05b1c9e08f9dce2669a", "sha1": "cd78b68ba528f7e5c088a86491d3726c552e0c04", "sha256": "d038c688f9f9893ec670bebc9aa92d2e36dbdde4ecbb6d60e4474abb8c0d8470", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "inlineEditing.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/InlineEditing/inlineEditing.js", "md5": "ebc8c66cf49a2bcc77265461a120fe3c", "sha1": "dd561681e0c9307de2bb4830b9a5a5b98ef81961", "sha256": "aaf8afd9f0c597ebb93ee203b1e742745f847b215bf85a0e2774e2c57b93595a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "console.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/console/lang/console.js", "md5": "d2f8d3705f9c6e5603ecfee8c8b818b5", "sha1": "ceba9b30bcb46361265dd1f8c64ee169618c0dda", "sha256": "d37eebfb06a4e3faa7005f1096160fba33fe9afe8bbdca60818dbd2708edf154", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/preview/editor_plugin.js", "md5": "925216b63aabd5adc67d642ca2d04b4a", "sha1": "0e49d7643bf4d49470976ba18fb669c33d62f173", "sha256": "c22b1959fd68b50e46b2fa59b81c132c1996c8034ae560a7bf6abb9a4cb3eebd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-ES.js", "md5": "40dcc184bfd247b5eab74e05abe1a3a5", "sha1": "f15bc2e49277782a8957792325a3788b9777517c", "sha256": "55d09aa55d48f01099920644aee24d45aac8f5db1a095e8e17b0b148ca9b0ebe", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "features.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/features.js", "md5": "bd1324e52139381cf41648ba44166935", "sha1": "1f8f243eaef74150b38794a9bf1907295a8aa4ca", "sha256": "1d651ce92e5fc73e65ef697c2167a9444a24591dedf240fd031bb0ae9de3c433", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-CO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-CO.js", "md5": "fdfacec89e1e544f59b45d941254ca83", "sha1": "c77faa6209fa10d22120bff7c09abdaf92234144", "sha256": "6ea972d2a97b98fa04a320c98bbe39578ca66b167750fe23539cf30df9a2e0b8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "studio.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Studio/studio.js", "md5": "4ced002a018a9538c6acf5e9480d6536", "sha1": "7e89653553c1f29588fb4dd59e5ff263f253e992", "sha256": "6102d05d3b53eddcb3f61eb751c7ebab91d96f05aeaa5628e9f5954b16e53dbd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_th.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_th.js", "md5": "4a7b8ced99f731089230a597672c80a5", "sha1": "38f614ae24b86c0057c6bc50ec0afc7250ef5e9d", "sha256": "39321fa48ad92b6c086a531b05ea0990573aa16506dbfb06dd0c9fe83be12a2b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ms.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ms.js", "md5": "464937fd9731405032f695a4628c8ac8", "sha1": "0e2e3bafa0b74adb9ae48b78a951124f580faeed", "sha256": "3eea23bf49416f92dd713f21e411183c0a07ee8e0ab2a36ef26cfd902d72531b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "id.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/id.js", "md5": "b3aa19168b250c4b76620880c1851a59", "sha1": "d86f21e2e1439d331bc46169ad1df04f4283c07f", "sha256": "4ada26422fdacf06e94bbc00330cd3a9d5858b50fe61be2a2d0a2ab437607bcf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.drawing.rect.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.rect.js", "md5": "9629d6d016399a40b587c722fd55480a", "sha1": "c479d344262cf65dd1a11385fb4853d33f26f9b2", "sha256": "75c503c3f781d5e6051e0b3430045cd65605ced5bd5050acac235504a5c51036", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "color_picker.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/js/color_picker.js", "md5": "cfc0f59a846661e748cae1c0adca77dc", "sha1": "9aef3d4295afceee0f498bd62c94b15d39c04746", "sha256": "50cb1ba342cc4fb5b10e055dd7937f0284879e768f28237ad94cfdcb6bc7749a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_nl-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_nl-BE.js", "md5": "45fe89eb4ae6eef1bc4b48c2ffc32057", "sha1": "c12f457d065e5ff11b1d4211d0098ab2b1922c10", "sha256": "426829bc705f3c4c8a04981140890ee2e55e973dd004326b17ac742953f66836", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-parse-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-date-parse-min.js", "md5": "8bf5a689a5161a5852ae46cc5372a133", "sha1": "6e2537fa5a640ddf3e97b163d40ac0151f7e1089", "sha256": "adeccf6857f7e32c4cc30db38875d676f9caf4abe4a88c025e78e102bb8b77f9", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-date-parse-min.js", "sha256": "adeccf6857f7e32c4cc30db38875d676f9caf4abe4a88c025e78e102bb8b77f9", "sha1": "6e2537fa5a640ddf3e97b163d40ac0151f7e1089", "md5": "8bf5a689a5161a5852ae46cc5372a133" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-date-parse.js", "sha256": "adeccf6857f7e32c4cc30db38875d676f9caf4abe4a88c025e78e102bb8b77f9", "sha1": "6e2537fa5a640ddf3e97b163d40ac0151f7e1089", "md5": "8bf5a689a5161a5852ae46cc5372a133" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "scrollview-base-ie-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-base-ie-min.js", "md5": "424f255d7ab85eec702384bd8c388f11", "sha1": "6d00bc5f253937c2299248ecff4da68cfb359773", "sha256": "0ee221c9d838f6c872ad8bf56a5ff1fcd185424d459c1498561f62241f1e38cc", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-base-ie.js", "sha256": "0ee221c9d838f6c872ad8bf56a5ff1fcd185424d459c1498561f62241f1e38cc", "sha1": "6d00bc5f253937c2299248ecff4da68cfb359773", "md5": "424f255d7ab85eec702384bd8c388f11" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-base-ie-min.js", "sha256": "0ee221c9d838f6c872ad8bf56a5ff1fcd185424d459c1498561f62241f1e38cc", "sha1": "6d00bc5f253937c2299248ecff4da68cfb359773", "md5": "424f255d7ab85eec702384bd8c388f11" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/noneditable/editor_plugin.js", "md5": "00a1abdc0742b3b719e07c2df6e5f493", "sha1": "855fbd1d1ce49c931aa58aa693153b703e734057", "sha256": "98f8a4da7c47b16a574174caf2b79b914df342b2989c34fa7329f0b8cbaa379d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery-min.js", "md5": "32015dd42e9582a80a84736f5d9a44d7", "sha1": "41b4bfbaa96be6d1440db6e78004ade1c134e276", "sha256": "8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.js", "sha256": "8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3", "sha1": "41b4bfbaa96be6d1440db6e78004ade1c134e276", "md5": "32015dd42e9582a80a84736f5d9a44d7" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.1.3" } ] }, "packages": [ { "id": "pkg:javascript/jquery@2.1.3", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@2.1.3" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2015-9251", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", "notes": "", "references": [ { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/issues/2432", "name": "https://github.com/jquery/jquery/issues/2432" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "info", "url": "https://github.com/jquery/jquery/issues/2432", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0481", "name": "RHSA-2020:0481" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588", "name": "https://github.com/jquery/jquery/pull/2588" }, { "source": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/105658", "name": "105658" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { "source": "info", "url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "name": "info" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20150627", "name": "https://snyk.io/vuln/npm:jquery:20150627" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.5", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0.1" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0.1", "versionEndIncluding": "4.3.0.4" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1", "versionEndIncluding": "17.12" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.0.4.0" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.0" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.3", "versionEndIncluding": "7.3.5" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2" } } ] }, { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "widget-position-align.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-position-align.js", "md5": "be329611e1b98baa17ff6fb87063a6aa", "sha1": "53b3a36c69236cbfc769f97f9745b512a6a7e551", "sha256": "c4fcc556b843284b0e83c62feed485f207b68fa086b20477100ec435894e65f6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sugar_3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/sugar_3.js", "md5": "d72dd7b51fdf8f29fe6f7053035be54d", "sha1": "8072ef29bdeeac5ae0f13843f0b3159c7615fb69", "sha256": "02ce5b3001587622ccf7fd46ebeb287973b8f0b96f1939f35ad72d96323f89d5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_da-DK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_da-DK.js", "md5": "02b1482b4581a17f1748b5ba32824bb4", "sha1": "6fc8644fe9ffc572c7ec75035334dd0f75d3ac09", "sha256": "437dce5031fbc5c6df960bdfbb37056c0ca2da4a843cca0fb91153f5629e2f14", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "license.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/phpjs/license.js", "md5": "8d1e879645acd34b64c2270879203213", "sha1": "0a4667cd998b6990902a62c41a4b37a8ceb61eca", "sha256": "166113a08fa9aa5127aa2cf535863861b8789166ab55e5e4c20909c9cef6a757", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-BO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-BO.js", "md5": "84e1ba9463f313f15108679e1e3ee32e", "sha1": "25cfdd461d4efb5e11c3423a5c0b2f8723242e47", "sha256": "b8e9b13ec2b3175b30feb9a48f775edacc7cb70356728b82a1eca983f6ff055a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "selection.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/selection.js", "md5": "4ebbaba6e83932cd7f2d214cec88da19", "sha1": "e9a823890574e4a4414cb5bfb48420f8a51f76ec", "sha256": "0541f189209bcbf796ce050d3c085b18dcf572f1300841677537fe27fe0603e4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "querystring-parse-simple-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-parse-simple-min.js", "md5": "81faec510734d4c0bf074898c0f54b02", "sha1": "566f2d15a7c401b33473809ddfc1059c5006be61", "sha256": "8dc8517af08d79dead072e553d01521782e9623b203f242acb8edb9647d567e7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-parse-simple-min.js", "sha256": "8dc8517af08d79dead072e553d01521782e9623b203f242acb8edb9647d567e7", "sha1": "566f2d15a7c401b33473809ddfc1059c5006be61", "md5": "81faec510734d4c0bf074898c0f54b02" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-parse-simple.js", "sha256": "8dc8517af08d79dead072e553d01521782e9623b203f242acb8edb9647d567e7", "sha1": "566f2d15a7c401b33473809ddfc1059c5006be61", "md5": "81faec510734d4c0bf074898c0f54b02" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cache-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache-base-min.js", "md5": "9a8eb55f3e3c0150f7147bad373376f8", "sha1": "ad4eeb149b0bde0a35c6a3f68e2d94695caac7c8", "sha256": "df40daac12b9982c825cf68d421887c0b70d99adb73ebc187ace2dccba321a51", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache-base.js", "sha256": "df40daac12b9982c825cf68d421887c0b70d99adb73ebc187ace2dccba321a51", "sha1": "ad4eeb149b0bde0a35c6a3f68e2d94695caac7c8", "md5": "9a8eb55f3e3c0150f7147bad373376f8" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache-base-min.js", "sha256": "df40daac12b9982c825cf68d421887c0b70d99adb73ebc187ace2dccba321a51", "sha1": "ad4eeb149b0bde0a35c6a3f68e2d94695caac7c8", "md5": "9a8eb55f3e3c0150f7147bad373376f8" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "de.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/de.js", "md5": "699c193980627e9fdbd0bfddde76a371", "sha1": "f2f5406f12ba1e95aa8b59fc513803bb89daa2b6", "sha256": "7c8e752b3e7191faf61abd4e5a59322e7f925c2cac3461dbff05e36934914c3e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "JSTransaction.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Studio/JSTransaction.js", "md5": "279f694326dd942559adff933b408784", "sha1": "fc87778ea2f421a8b5e02ec57ff26dafdef9467b", "sha256": "5267320bf0c00c4c2c9dc037378e2d6a9a5e67da0c815f2ca0c5d7bbc1054689", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/JSTransaction.js", "sha256": "5267320bf0c00c4c2c9dc037378e2d6a9a5e67da0c815f2ca0c5d7bbc1054689", "sha1": "fc87778ea2f421a8b5e02ec57ff26dafdef9467b", "md5": "279f694326dd942559adff933b408784" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ImportView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/DetailView/ImportView.js", "md5": "ef46274cfb2aa855de3fbec666231d33", "sha1": "8a0a1030a67c6ae5391013c3c2249cd5f382eb5a", "sha256": "72715d47b43f77de52007eeb5025df43d7596d50f73b59d84a795a141ff7d294", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_zh-Hant-HK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_zh-Hant-HK.js", "md5": "0549ed21652f647c4ff75deb44946ffd", "sha1": "63fe7e3f7b66a64e89b603640698141303b68d90", "sha256": "9c2e71af1e8224a599e250a0a0bf93c397d25adea652a57cb50b1fcff6615abe", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ms.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ms.js", "md5": "44509e38bc2fd540caaab40cfcdbf989", "sha1": "51b9f5efa32f160596ee98973d35fb9a5e930cb8", "sha256": "3d217141c9619ce08b88f6cf1fc22a05bf0ab53081dded1a239c52c8faa39e5b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "wizard.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Campaigns/wizard.js", "md5": "1bfdfd1b55158d211eb27b3211d5279f", "sha1": "7a2521034e2df4aaae87952e6d97be6e13025936", "sha256": "07e4964a8d4cff9d922062a9f7314fb2a3f2a155925aa1becd2716cc33ec22c0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-base.js", "md5": "fe87102ce584de764aa146dea54062c3", "sha1": "8da197231b9d7b66c4b6e2bffcf1e52eea00d8a4", "sha256": "b0ca2118b56131eac3e36a37198359d9f481b266aa1569540615ad2de9e700a0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-base-min.js", "sha256": "b0ca2118b56131eac3e36a37198359d9f481b266aa1569540615ad2de9e700a0", "sha1": "8da197231b9d7b66c4b6e2bffcf1e52eea00d8a4", "md5": "fe87102ce584de764aa146dea54062c3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-base-min.js", "sha256": "b0ca2118b56131eac3e36a37198359d9f481b266aa1569540615ad2de9e700a0", "sha1": "8da197231b9d7b66c4b6e2bffcf1e52eea00d8a4", "md5": "fe87102ce584de764aa146dea54062c3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "EmailUI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/EmailUI.js", "md5": "9bdd220de280920ba9ca09d0f94429f3", "sha1": "eba14ce568791a8e671cdf2084d0f178f77f6b3f", "sha256": "6ee0045a22ac05d7d8c8e7dff070e22889feb3ae7df6d3e63f57bdf5d4db0b33", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "paginator.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/paginator/paginator.js", "md5": "e7d18fe1bbf6f5231166f1ec9bb6416d", "sha1": "6d8f79c9825355ef9eccfe3204c081c40473e963", "sha256": "62e191d2d263c5a187f65d83cc9675bb9eb0dd0bc352719e4a7b3e8949304b18", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "fi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/fi.js", "md5": "6be387979ec8bf853f5e8240e21c0d38", "sha1": "a098f14b51cae297603f23134f6f5eacd79a0239", "sha256": "4565c062a9d4ab052014ddcf19626d797cc65628a71d80ff55bf83017dfa738d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "chartLines.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Charts/chartLines.js", "md5": "4aa11696fc23f9c1d4f300e29334dbab", "sha1": "6f765bec92493ed0304b6ef2e3ee4a816628d4e4", "sha256": "06b095c2ea2b91563a6fe1d3a003563826f0f6389b728ced7ff3be122fe96fd1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "UserEditView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Users/UserEditView.js", "md5": "a5d33c708bf0e30356dfe2945df13704", "sha1": "9f13602d9ecb77ec3fe8dff81a476beebbb24365", "sha256": "39ce332cb47100641948b49adfe1ffa4c3ada58060848471c5887980522a57ad", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "documents.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Documents/documents.js", "md5": "363a5171f2e6532ae6accefe3eebb4c8", "sha1": "3171a6c783211ccd746a741aa7194dbbfa5c2b64", "sha256": "04237b7493ecf3502bbef6776e383e7dacdb088f9b965ce79528adfc732fd9d6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/textpattern/plugin.js", "md5": "979a1ac2d6d0bbc6501476fc6a753eb8", "sha1": "918a19362948e3dc49d903a03dfc6b1858f1d2ae", "sha256": "484bdf9149da0c8f9fcc801e93c2e40747f73098598457fb4ef0d51c0fe4c9c5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ko.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ko.js", "md5": "d67714dcda8c1500587a775283e76ff9", "sha1": "ebd702c2593175b1024c936dd779b4c474c4f841", "sha256": "8abdb7a5bc01863cd4b87992d8c9c5bdfc1dcbcf1c19dbcfa05abe4f24466630", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "AOR_Report_After.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Reports/AOR_Report_After.js", "md5": "ab77afb81f872f96f22bc676d0ae4beb", "sha1": "b332e8681900512f426835277507992efa6374a6", "sha256": "5c86703925bdd6a8cbee459a49d2544087f567ab30b3ba16adbb56cef165f323", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-VE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-VE.js", "md5": "6d68aea4e4186b75969d24fa0941310a", "sha1": "f768dd2ef5c599529e5816775960fa77682ea4be", "sha256": "15626d419d270d9fc24600649466747a592b97be62a510f6f6f808bf0851280d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-UY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-UY.js", "md5": "0e42f6203287ab14de80e786f60d0ef7", "sha1": "197cf18e57f16bc497cbeab648363031d56c7ea0", "sha256": "59bfbe6d490948dcc10436c01a2594a8259a9ffcc797e2b3622244f0b4f1104b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "actionCreateRecord.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOW_Actions/actions/actionCreateRecord.js", "md5": "d74993b3fd078cbd54a445c6b3470eda", "sha1": "1c065c62f5fd2a62cdcd74ab66e0b8dd1e7074f4", "sha256": "d0b7f93284e3eaad5c5709707097da17e1d4336657cf75699423c99df1f0ff17", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "carousel.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/carousel/carousel.js", "md5": "660db4405beb3935aeb3637fb3216915", "sha1": "f4b6e3f390a3b8406cce1beef70c3417ae6f2542", "sha256": "9e3bdb80f5e959953704b11bb8773d80528c898143a3e404590a0055b69f6f72", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery-fail.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/jquery-fail.js", "md5": "aeec03a91e7aabc40e4c34b1033af26e", "sha1": "d1f2a1d0a707db5542c23edc6eae34d5652913bb", "sha256": "f76c824d849ef9c7b1572d9360ef1acecae3af3ffcfbed38d72e1cb6ca67ca9f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-jsonschema-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-jsonschema-min.js", "md5": "3d014c703783bf9bddf5b8536da51b16", "sha1": "618fbd598fe803af7366dd17bab23bbd8c295b85", "sha256": "8d2afcfa5a7641a2f43abe783003bf722d7b4eed93fab623ea510421d45ee0ec", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-jsonschema.js", "sha256": "8d2afcfa5a7641a2f43abe783003bf722d7b4eed93fab623ea510421d45ee0ec", "sha1": "618fbd598fe803af7366dd17bab23bbd8c295b85", "md5": "3d014c703783bf9bddf5b8536da51b16" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-jsonschema-min.js", "sha256": "8d2afcfa5a7641a2f43abe783003bf722d7b4eed93fab623ea510421d45ee0ec", "sha1": "618fbd598fe803af7366dd17bab23bbd8c295b85", "md5": "3d014c703783bf9bddf5b8536da51b16" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en.js", "md5": "366e712b933f384da6883f234e17bb68", "sha1": "772e3029ab43f69382c658222aa107c9c256758d", "sha256": "c9878247ab86201c3ff8139c9cf47f17ed199739c8ea38bd2afa4049ddfdbba2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "loader-yui3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader-yui3.js", "md5": "b72e779b6ae138a88f2dd543c111551e", "sha1": "b40b9e09ed16885bb91a49465905fbca583b7aca", "sha256": "d78b9308aedce1691901c02dd7869110e05da3d56506a1a8d11cb71d34deb518", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader-yui3-min.js", "sha256": "d78b9308aedce1691901c02dd7869110e05da3d56506a1a8d11cb71d34deb518", "sha1": "b40b9e09ed16885bb91a49465905fbca583b7aca", "md5": "b72e779b6ae138a88f2dd543c111551e" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-yui3-min.js", "sha256": "d78b9308aedce1691901c02dd7869110e05da3d56506a1a8d11cb71d34deb518", "sha1": "b40b9e09ed16885bb91a49465905fbca583b7aca", "md5": "b72e779b6ae138a88f2dd543c111551e" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "container-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/container/container-min.js", "md5": "5511b676a4961a0dfb52e1f64ce65a7a", "sha1": "5052af2f5518422bc2e9f16068eff9692d4ed758", "sha256": "e6510126cd65f46ec42cba4c112d83793aaf10551d79dae6dff8a3e8b62eb891", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_da.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_da.js", "md5": "a78e66a4a2569dcad65ec4632725bd34", "sha1": "0a763725b27df0c779b43afd73503d21a0272841", "sha256": "b54f06024fa90a355d67b88afdfc970e14cd644c8f8d5be8b9b10344f57201f4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dom-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-base.js", "md5": "cd630cc625a36e3ac530f65cb75e4d7b", "sha1": "df2b9458b191e58f8864611be15fa12567e46a73", "sha256": "d46c9b571d680ec9f936d697d9cbd5e43c917dfa6393091df409e487cddde405", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_hi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_hi.js", "md5": "2bd6ec5fa5a150d64c9a57b533e6fd46", "sha1": "00db909a36e6cb7146298b14ec13ef5d315aabea", "sha256": "f9372b708b29ea4948e2d7db3a9e892d915aec0470889ec846735c8ba9b3dba5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/visualblocks/editor_plugin_src.js", "md5": "c9d3a08eee80f319aaa1eaef1599d7a3", "sha1": "cf35fbb3f32bec2c30dab6e17936cf0917e459a8", "sha256": "55330535d1390946adf3b3c6ba614676114621e1d7762947e7d211811567309a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dump-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dump/dump-min.js", "md5": "b57b2c5e3b247b6a861dd6da224be234", "sha1": "d6071262775715b70c554fbd07f78b06f64e2ecf", "sha256": "3afb9e23012497eab64d198829f1f43dcf41fdf9cf77c4c3fcf67e644d5baaa2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dump/dump-min.js", "sha256": "3afb9e23012497eab64d198829f1f43dcf41fdf9cf77c4c3fcf67e644d5baaa2", "sha1": "d6071262775715b70c554fbd07f78b06f64e2ecf", "md5": "b57b2c5e3b247b6a861dd6da224be234" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dump/dump.js", "sha256": "3afb9e23012497eab64d198829f1f43dcf41fdf9cf77c4c3fcf67e644d5baaa2", "sha1": "d6071262775715b70c554fbd07f78b06f64e2ecf", "md5": "b57b2c5e3b247b6a861dd6da224be234" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Datetimecombo.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarFields/Fields/Datetimecombo/Datetimecombo.js", "md5": "a40673ad62e3fd095b9b48e8b55093a6", "sha1": "2a35df417232166b0d9e8a7afb5bed14c4cf9356", "sha256": "4c5478e41ccace99ab13bde9958b5219d584ee41a34bf0c5634d81e8a8b69c9e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "imageloader-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/imageloader/imageloader-min.js", "md5": "e0eca242adf2b8a28acc33e8680f82bd", "sha1": "3956ed33b61cde231dc8f5910ba0c00452cbd24d", "sha256": "8c5ca3df7d1bd4e3b1baf7e6bb396251442ef5692fde3a78e9b4f229a48b407e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "loader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader.js", "md5": "0d9e052161a86a0774356ff7ff691d3f", "sha1": "2157e331e71afd1d2ca89a85b45eb7d2b0ebb112", "sha256": "e0c3566782281a40d14c4070e19b46760cb6bffe77e566f24f1a996977698b2a", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader-min.js", "sha256": "e0c3566782281a40d14c4070e19b46760cb6bffe77e566f24f1a996977698b2a", "sha1": "2157e331e71afd1d2ca89a85b45eb7d2b0ebb112", "md5": "0d9e052161a86a0774356ff7ff691d3f" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-min.js", "sha256": "e0c3566782281a40d14c4070e19b46760cb6bffe77e566f24f1a996977698b2a", "sha1": "2157e331e71afd1d2ca89a85b45eb7d2b0ebb112", "md5": "0d9e052161a86a0774356ff7ff691d3f" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "footable.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/footable.js", "md5": "15a61db976abc102366cb89796315379", "sha1": "aac353f40e7462e7e0abaff6ebe70f56fb933820", "sha256": "14445c4219a4be426b7c2191deafc3322a0e880dbc9650d48aa6f61e9a0e0ea5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_pl-PL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_pl-PL.js", "md5": "d2976b322e0f6f31679ee840edb2562d", "sha1": "cefcb1ad54e51819915e2fffb21249a5efed906e", "sha256": "856b306de10ab068cbcca1d1e822cc9441c1f0910239ca428d9051e991596628", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/paste/editor_plugin_src.js", "md5": "e66da4d6def5b5f3370400953e06550f", "sha1": "91de4d0248f648722ed50e73e07837f6cf974f0b", "sha256": "5f05ad010292d29ab348fbc1a4188d84e700562ed19a424ff8ddd3a5557b0953", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_pt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_pt.js", "md5": "fce8f163200db5da9af71bedf4b93331", "sha1": "503e67bf7dfa2a3d38643d4b0cf2dac167e18ef2", "sha256": "b409516fa55571ba41bc2b095996d8cb0fb11e805e20cb5f737072c121cef534", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js", "md5": "e071abda8fe61194711cfc2ab99fe104", "sha1": "f647a6d37dc4ca055ced3cf64bbc1f490070acba", "sha256": "85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.1.1" } ] }, "packages": [ { "id": "pkg:javascript/jquery@3.1.1", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@3.1.1" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/template/editor_plugin.js", "md5": "70cb20c4e287110ae8aeed999893c532", "sha1": "65ef097c3f220ed2aace031e6d520ddce4f9dbc1", "sha256": "f588728b7df3fcfe059e9a96addadb4fef021a4975d935cbc0e1c7c2ca347c54", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "wizardTemplate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/wizardTemplate.js", "md5": "92c65dce9153db13c20731de44d14d87", "sha1": "982e53bc91d769ea236f16e495293c5c266f0c93", "sha256": "cbeef4380c54e6a632a72bea6d7175581f8b709618dccdc082b0eb4ece83aa37", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ja-JP.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ja-JP.js", "md5": "c7f0ca0a79358010894071764b541864", "sha1": "e8ba1fb87998a76ad08ec345393997b0c4bd6d38", "sha256": "62014d2b136b0c569616b8d06f31f59485af6e535ef19f4b1d63ae8830f15665", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_hi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_hi.js", "md5": "dad256337b04a642797c5c6db9ba672c", "sha1": "b3b526e475721591bbb8a9520d4f5bbbc086affb", "sha256": "a173e42343be88d8f5011e9fd1dd226bea4e5728ef251f1d0951891906c53623", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fr-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_fr-BE.js", "md5": "a7ffc44fded77afaef50f7ff14a1a875", "sha1": "bf6594377357243347bdb98d09d295436e8ff8a9", "sha256": "20e3aa05487c0ffa79c5507a720b9767af227eeff77ac3c177ffcee7efd18d82", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en.js", "md5": "383f912e33af8e486f6e9a699f5f5322", "sha1": "e8846cf83129840af25a648f3544e16336bcaea5", "sha256": "47095e842c61fc76b4dac1287141a7f3eccd868d5ba4dfb058293df81088282b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "WebToLead.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Campaigns/WebToLead.js", "md5": "af7212bf3dceae57889060aa04b67356", "sha1": "cd0872c17b444d14dd924b1a7f2a765e716121dd", "sha256": "27b89abd19c0bf533d64c3d8054c5317ba58ed14ae814994bd1a77a6a8165f5c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "retrievePage.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/MySugar/javascript/retrievePage.js", "md5": "9c43b636b78782599b68b28d56e89260", "sha1": "617bb44f72618533e20d030cfc2a918b69d5c33d", "sha256": "0fd4a20cac4ab649a7a4b1d48267e811ac7fa7a0cb4338b6f6a70086a72d8c8e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-IN.js", "md5": "f6c11c942e6879d7ab848cc625ed97f1", "sha1": "383f28becc060fa6c9903f10048723964de07f17", "sha256": "aaf21237ce569ce55fb63457416248e9d14ecf3b409c8d1ee6c8350c324e22e2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ko.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ko.js", "md5": "21c9429b48e7d39a4963f15b1822e72e", "sha1": "76ca835ebb863992f5b5cc29b0323a6bc948f595", "sha256": "22514db2d04e4538880fe2abb9a5c1c17206de4e4fe3a0f24104bb842965a7a4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.drawing.image.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.image.js", "md5": "227646b833303785c9b01a6ef31741f1", "sha1": "ac346f285dea13d0c5489875a76fd6c6df51c239", "sha256": "35a654fa7c4f4e6f42bc0b94824e26cf0fa8dc8e3e1d631d0650745006591bcd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_da.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_da.js", "md5": "f6c9b5f06abbf0fa5493694aa59f6712", "sha1": "d40fb5a601e47e87f006761f316137fc97ce8310", "sha256": "8547f5d819de66872a82320c09b30b4c836166b1be01de3df315f9082085c055", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema-array.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-array.js", "md5": "313570e9688b05154ecd8457b311aae9", "sha1": "e4b6c4c11fb021aea42dfce1d48c95152b704493", "sha256": "a19442145855c0526194b0a8b579c055017c2512ea4d75e6f40432dd9987d4f0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-array-min.js", "sha256": "a19442145855c0526194b0a8b579c055017c2512ea4d75e6f40432dd9987d4f0", "sha1": "e4b6c4c11fb021aea42dfce1d48c95152b704493", "md5": "313570e9688b05154ecd8457b311aae9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-array-min.js", "sha256": "a19442145855c0526194b0a8b579c055017c2512ea4d75e6f40432dd9987d4f0", "sha1": "e4b6c4c11fb021aea42dfce1d48c95152b704493", "md5": "313570e9688b05154ecd8457b311aae9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-base.js", "md5": "a70764677cc94a55329e513e2b5ab9e5", "sha1": "173a403ed64df2da5a79f4fc0176fdab7404fa95", "sha256": "33ddaeede698edd5a8ce2d1bb413a73ea75e9db286f99f0b2672d801bd9a5771", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_vi-VN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_vi-VN.js", "md5": "ba0cc1cda4425e4670e723623ccc874e", "sha1": "a3ec988ee983406aface5f8bb00e0d28de19dab7", "sha256": "d36256e3d8f76170f0025c6ee8ee2f51ee3cb5c42317a1c9f7e5143bfbc1bbaf", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cache-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache-plugin-min.js", "md5": "50f99bd0b987cdd5019451f4d403ef05", "sha1": "64786c67ab2454ed394ac4bd185636075c171cba", "sha256": "2713fea3aa2665844858f5317e9b96466785a3e6266de15d58a5a5904186c323", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache-plugin-min.js", "sha256": "2713fea3aa2665844858f5317e9b96466785a3e6266de15d58a5a5904186c323", "sha1": "64786c67ab2454ed394ac4bd185636075c171cba", "md5": "50f99bd0b987cdd5019451f4d403ef05" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/cache/cache-plugin.js", "sha256": "2713fea3aa2665844858f5317e9b96466785a3e6266de15d58a5a5904186c323", "sha1": "64786c67ab2454ed394ac4bd185636075c171cba", "md5": "50f99bd0b987cdd5019451f4d403ef05" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_th.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_th.js", "md5": "aef3958b31e4c3f544eff476bc428624", "sha1": "042049897c876c06be5a2f5c360d61d4a23d6bb9", "sha256": "cf1eb26ccd1251fca53d541219c149e5effe82916b662c052f5af89893623830", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.dataTables.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/DataTables/media/js/jquery.dataTables.min.js", "md5": "114c26084cb472c6a5f8b58908472ad7", "sha1": "997b4df51ef05dde32eabf731e945efb4ff9126d", "sha256": "a9c575c2bf9b9f836806dc58aa0866cb558806fc5ea1ef2f4250a8c0b1be7278", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "theme.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/themes/modern/theme.js", "md5": "70a127e7006d1ebc876d3b29404eed89", "sha1": "758f935584c8e90eacdc0e98ab6508cd2c4fe88f", "sha256": "7f805ce915d03a80bcf4a5fe4690cb39f62f42b37d55a346d15240f6b524d7eb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ro.js", "md5": "5b50a6aeb7561f037555f30ab6c44bee", "sha1": "54ab1975bf39cb76e8a14822f5cafb4a1f104e77", "sha256": "29f0fbaff133c2be586985d96720ad1d33f9c80263f95bd80a0ffeb39039b360", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsonp.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/jsonp/jsonp.js", "md5": "b5de6c7103ae45ab9bd04175a1f10069", "sha1": "36540160d1f5229cce6b06ccdccbaf5427c1e5d4", "sha256": "ef15419a8e35f0ba518c2df8874fce60f32a9642d153a0a605b70559ae18b8c2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "overlay.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/overlay/overlay.js", "md5": "9077589375f60d618c7b2d25a03c9692", "sha1": "2f106ad5febf1d66aa285c006db6727cffa2bc10", "sha256": "b79b63baac1889d2ab66528290c3d2cd599b7f977f7a2a5806f1008b3e393b26", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "scrollview-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-base.js", "md5": "21a1e680d2c962a37147e802348525c6", "sha1": "f2ce28de9c27afdf76329dcdc9bde615473c0a99", "sha256": "77c0a2eb52222ed421d78c466c7c8b411b7a730dbd6421aa44cabd1af5ab6ffc", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-base-min.js", "sha256": "77c0a2eb52222ed421d78c466c7c8b411b7a730dbd6421aa44cabd1af5ab6ffc", "sha1": "f2ce28de9c27afdf76329dcdc9bde615473c0a99", "md5": "21a1e680d2c962a37147e802348525c6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/scrollview/scrollview-base-min.js", "sha256": "77c0a2eb52222ed421d78c466c7c8b411b7a730dbd6421aa44cabd1af5ab6ffc", "sha1": "f2ce28de9c27afdf76329dcdc9bde615473c0a99", "md5": "21a1e680d2c962a37147e802348525c6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "table.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/js/table.js", "md5": "e0e14b90fc55f35030b76c93efaf6d5e", "sha1": "a38ef4172eb8181751687fee938fd191da454898", "sha256": "fd8cf7bd95988bfdf82a67a1915d37130c510a5616d3b0b298b6ae676aab4cc5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "email_popup_helper.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/email_popup_helper.js", "md5": "e74e0b7900adf3c933cc7f7f481b9a02", "sha1": "09eebba1d3e100f4fca26587830d1343745f71d0", "sha256": "a0d7a9e491d2452ee0a5bc2c525fbb15f83bd2d8da773edab85e9f642785fdef", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "json-stringify-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/json/json-stringify-min.js", "md5": "09dd6e9cac517906e881d9d086f2ca5c", "sha1": "eb83873d0c8e4e5dd915e181d854969d50d02013", "sha256": "5daf5600be9291789cf9029d0b838f15ed546df8d3c32d3d4a8c369a45b98f6e", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/json/json-stringify.js", "sha256": "5daf5600be9291789cf9029d0b838f15ed546df8d3c32d3d4a8c369a45b98f6e", "sha1": "eb83873d0c8e4e5dd915e181d854969d50d02013", "md5": "09dd6e9cac517906e881d9d086f2ca5c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/json/json-stringify-min.js", "sha256": "5daf5600be9291789cf9029d0b838f15ed546df8d3c32d3d4a8c369a45b98f6e", "sha1": "eb83873d0c8e4e5dd915e181d854969d50d02013", "md5": "09dd6e9cac517906e881d9d086f2ca5c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-scroll-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-scroll-min.js", "md5": "ff35774cc2072ac72bc33f540ed140af", "sha1": "d7961f2d2d42690d4be1335b4b96e349691661ac", "sha256": "e11bd78bb63f44f35954a12ea93f548bf48c3e0e292c84101a2b52790570d682", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-scroll-min.js", "sha256": "e11bd78bb63f44f35954a12ea93f548bf48c3e0e292c84101a2b52790570d682", "sha1": "d7961f2d2d42690d4be1335b4b96e349691661ac", "md5": "ff35774cc2072ac72bc33f540ed140af" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-scroll.js", "sha256": "e11bd78bb63f44f35954a12ea93f548bf48c3e0e292c84101a2b52790570d682", "sha1": "d7961f2d2d42690d4be1335b4b96e349691661ac", "md5": "ff35774cc2072ac72bc33f540ed140af" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom.js", "md5": "46c6eb8d0988b36385fc4f861210a212", "sha1": "f9631f4007fa51587c713839cd0fd727c8702ab8", "sha256": "e2b8f2d4aaf6c9b18d217017c49d0db3a6c8d50d86b342335d31869e9aaf072a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.funnel.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.funnel.js", "md5": "98be7b4834ee8fe805eddfcf719f369d", "sha1": "24661f3d804d5dafdfba1b53b1aa564873f9d982", "sha256": "2e5b12b949a2a751b5a2578e19752c36f5fd838862f01c2cadabfdb912d6a6f9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_it.js", "md5": "4e0cc8d0dbbe06eaed17cae17f8590d0", "sha1": "0de75dc78e482980633106f59277487b9e26ce6f", "sha256": "92497b109e53464fde2bf116fad3399fce7dcb78dc212deda1a1d4a146f0f8d9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "text-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-min.js", "md5": "5e390e370ecde6714ccad212c29974af", "sha1": "98a6abc7acc5fdb4fe8906bb579d6a031d0b4fa8", "sha256": "0e20fbd9da3d8c6f30a5da5f83bcebdeef32fe2e8aacac24d1b02b68f0e703a6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-min.js", "sha256": "0e20fbd9da3d8c6f30a5da5f83bcebdeef32fe2e8aacac24d1b02b68f0e703a6", "sha1": "98a6abc7acc5fdb4fe8906bb579d6a031d0b4fa8", "md5": "5e390e370ecde6714ccad212c29974af" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text.js", "sha256": "0e20fbd9da3d8c6f30a5da5f83bcebdeef32fe2e8aacac24d1b02b68f0e703a6", "sha1": "98a6abc7acc5fdb4fe8906bb579d6a031d0b4fa8", "md5": "5e390e370ecde6714ccad212c29974af" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Time.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/Time/Time.js", "md5": "20988bd43723f92de890f3db95bf979d", "sha1": "2f4cebff7c2863528d2c6730a189cd0e7290d016", "sha256": "8f9bb99598c519ec6392270cd9bea605f71883dde1cc613f116b20be7ec859d2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_zh-Hans.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_zh-Hans.js", "md5": "3d292983e12f9deaf068cc8ecc8111d9", "sha1": "7d162ada931431d2d91968065ae18451caddb301", "sha256": "a8eacf785b5a3764e7c06139a0bdf8e2b9158cf8a43ca89febb9258f0dd3f929", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_fr-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_fr-BE.js", "md5": "d35ea9baa6834d3adcaa5548f3c9a206", "sha1": "51676acff4651fc7cd7d823c7c16c7e14542117d", "sha256": "f8c2e4fdae8d682ae899c5e701c9c279aa6227c74649c95aea6cea2902ad01c7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date.js", "md5": "d8fd2f43aec20bf2327ecf3154ed92ab", "sha1": "39ab62afef3a18dc7980d06cfcf132ecb9aae3d8", "sha256": "1385c52f3fbd43604bcdf99dce87969a1591e6cb293d7eab4f6323ae369b3d98", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "duration_dependency.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Meetings/duration_dependency.js", "md5": "6fdc91648e92f1198bcf6f5ff4fae049", "sha1": "a2465743123326e06d3c70e2412b5f7661eb7db0", "sha256": "b6f3152911d8679ce32b0361937c52c4d2e1c2eb1148e3f4558cbc193f387253", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_el.js", "md5": "16a9626e59559bb9e1298c9f80982bc9", "sha1": "122534928c6d4424859ea655d0679225383126fc", "sha256": "111014c9f2693a78e5941be1fa4abaa1bbd8d0f403d07a4a6ca6df486f3b8ddc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "AORReportsDashlet.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Reports/Dashlets/AORReportsDashlet/AORReportsDashlet.js", "md5": "95fb8234d31774e011b0984229dca16a", "sha1": "d3e15511a1ff340b0b834196e22ce1a1a1559095", "sha256": "973d0fcf5e017684a60a337880f804db15deb2596091e1fb891c6a7d0a750099", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "conditionLines.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOW_Conditions/conditionLines.js", "md5": "1a2aaa0c1c80a53282cf83fa421be105", "sha1": "542ed1efdd7dc9c25779731a491a5ded52197bba", "sha256": "fba2429365d75717ed09f4dc1352e6b660d50950f12b9e3d1236d267d5b96097", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.elementReady.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.elementReady.js", "md5": "ca3ff36ea735918a7425a47940d0e1c8", "sha1": "560be30cd1c59e12bf5ac5848e902312a0dcfe1a", "sha256": "82929ccc1d7d2fe50d9afdfc4a77948c024d41897d30a133b71277a8ef8c317c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ro.js", "md5": "2eb8c310e15900ac5d393146e121ba89", "sha1": "43fafd5cdac1202f76f006998254e6252d7d5929", "sha256": "39d0d3652cc3f77e1fa53ddcfce7876e20c231066c494bfdf3328b3b45a4ba12", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/hr/plugin.js", "md5": "428c9fb47a7b83fa0440a15886d0b11a", "sha1": "523d599375f26aec5a6e83d4aff450a7e06edd1c", "sha256": "09faab22ae2ee7560dfde4bbf3c2be7dc041bc955b113f26ff6a90b60d161804", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ca.js", "md5": "254fee1565bd1e8b2fcb515bb1f16c23", "sha1": "42d242ac416a2af00ab76d999a030e9acd1a985c", "sha256": "30f0de70e0b9d3780dcfefef2994d15976e18dc14c808f6c6a1a2efc5b8b34cb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-NZ.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-NZ.js", "md5": "26684ec54fbe6a66d039b1520d4febc2", "sha1": "399210e54bf05bea13fdc2446c780c3d7caab2cd", "sha256": "97aa5c057c5bdee278d8b6392d2fc9cf5cc142b73c372d25a12b565107fba349", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-base-min.js", "md5": "e4da60bab3515781e0295ab94baf5bf8", "sha1": "395c9b61acf52cf30c66364a49e3cc5549619bca", "sha256": "d88bdf6b816342f9299e939d6b6a6295104c8dbbe089e156300d5c948bdfd3b2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-base-min.js", "sha256": "d88bdf6b816342f9299e939d6b6a6295104c8dbbe089e156300d5c948bdfd3b2", "sha1": "395c9b61acf52cf30c66364a49e3cc5549619bca", "md5": "e4da60bab3515781e0295ab94baf5bf8" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-base.js", "sha256": "d88bdf6b816342f9299e939d6b6a6295104c8dbbe089e156300d5c948bdfd3b2", "sha1": "395c9b61acf52cf30c66364a49e3cc5549619bca", "md5": "e4da60bab3515781e0295ab94baf5bf8" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/print/plugin.js", "md5": "541a0d6e398d65f4e2e3963a12e48ba2", "sha1": "c50dcf1aec9bc258a307650a4451797e9159d737", "sha256": "3a0fd697662c0ab51c0b777de617ac7a756f59a00a12f2b1b41be03e0418f937", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "th.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/th.js", "md5": "eecfe832de4fae0d3fa0b6ba2c015d98", "sha1": "aa668d61cd295b0845349146a4627c5583702f79", "sha256": "1b3a2d1f3838beeff733043dfc1057ac6090bff682c7f9488b582b16358b9a1d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_id-ID.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_id-ID.js", "md5": "0512aa9298f419e99ba73242fba34c43", "sha1": "7a8e1dbfb624a825b7f4b622eada9151db2901bb", "sha256": "a7834c46751135b63b1238a3efd56831f735118d6f95284c3d0a3cae61cba876", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "test.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/test/unit/test.js", "md5": "07deae600c7863d7ee817686d9001788", "sha1": "81e8e6ad97122a5a813121677ad2f08e95cd0e57", "sha256": "af7ac69ac10136f1c15a812c6e3b4dc6b3501cae337d130fc9aec19d84157229", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_nl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_nl.js", "md5": "38ecbdd765de4c02ecb61dbab8154910", "sha1": "371fe98f366a40293116441583d987a9f7b2a09e", "sha256": "dbdb85ae13c3769e54adfce26ea0e3d701e1c827eaf86fc24e522019e7b6502b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "TVAnim.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/anim/TVAnim.js", "md5": "f235c562ec64bf0f3315a85e3b48fc9d", "sha1": "7254fd5fe65dcf3e10db2fd6db78b7bd859c3a61", "sha256": "1caf30d4646bd48558ecd97332cb10a9d408d89243490ac94b7ce9987f4e1b75", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_fr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr.js", "md5": "cc66bb7e485d983c8abd55e0e3128cd6", "sha1": "67b2beb9fb62dc8b2f76160ed9f2c3d19bb08595", "sha256": "30a066a3245b51afebe53b335ec4f786dc2c846683118810275f2b6828e10251", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "bindWithDelay.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/bindWithDelay.js", "md5": "9e9858d872371595cc135dad5ae079ee", "sha1": "ea89e137db5e691300fc62a46ecb6d95ae0ee2ff", "sha256": "5b4d7da3e428b858be0aae6e1e2b9920a1226ab70160afe6d524569a1d19a6e8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/preview/plugin.min.js", "md5": "9d70ec722727adb76413e682f0a0e588", "sha1": "e2b35b5f40d194af4d326d391c623941a1d29305", "sha256": "3f62d78113afc6bd199b54066d2d38889da5bda29a3461fff44118f4d348873c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "layout.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/colorpicker/js/layout.js", "md5": "59c7c780e6a1222121cdd2395565bebf", "sha1": "cda7f9d14c866dbf867db3a083bb2d383601969e", "sha256": "97b174ab88074727c103b59af39f41177ce304716ec90998bbc1b98201336f68", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.drawing.marker3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.marker3.js", "md5": "adb82773c1df2c3a3a1a296d79407bb4", "sha1": "bbfb061faf39cea608ea73c3138de469296aeecb", "sha256": "8d6944e6c4ecef11381bc9c87521038639bd447f2740d4dc3e43a07d01544fe0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-upload-iframe-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-upload-iframe-min.js", "md5": "a59be4ac59f8f395e60e4f000582f57b", "sha1": "17c242c5d7408313c939aaec0d3b6155872cf912", "sha256": "1551cc62aa1c40a2fbf702b300ec846a62a5df31adaaf3960c78918ac56c8c60", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-upload-iframe.js", "sha256": "1551cc62aa1c40a2fbf702b300ec846a62a5df31adaaf3960c78918ac56c8c60", "sha1": "17c242c5d7408313c939aaec0d3b6155872cf912", "md5": "a59be4ac59f8f395e60e4f000582f57b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-upload-iframe-min.js", "sha256": "1551cc62aa1c40a2fbf702b300ec846a62a5df31adaaf3960c78918ac56c8c60", "sha1": "17c242c5d7408313c939aaec0d3b6155872cf912", "md5": "a59be4ac59f8f395e60e4f000582f57b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_pt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_pt.js", "md5": "8f1b06c00c1f4ecc5040d989a5ecd06b", "sha1": "9e0f64defa30d0f1a84bf2986e0ee57c39a3a1a3", "sha256": "e1a736304e28ec50767496db340cc7855d77f96f48556073abf65cfd413a5d8e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "simpleeditor-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/editor/simpleeditor-min.js", "md5": "8cdc4a7f130902f58ebbce3e74800ab8", "sha1": "b3fd4afef06a762e5bbb79798dd6f5f824341f9e", "sha256": "1772533c5f9db7d63b72b50a48b24ff28f28ed28081d934a2b5ee79e5a17b590", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-PH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-PH.js", "md5": "f22595048c5085db2ae0e172e562abc7", "sha1": "f720bdf0c6648e81f435b826c51f14b70ce2ec7d", "sha256": "b64e2edfa9926c27b5ee6e02b684fb41a64f6a1be7a31770aaa34c8b0e952c5b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-IE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-IE.js", "md5": "2a7335dd04308558b0bd9be521b35002", "sha1": "fe57791eea1ab35cbbdc48ae1878a091e447bc55", "sha256": "599d267701289bc99345ada60a663926694e7796a3d4da0c68ec9663efe798dd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/fullscreen/editor_plugin_src.js", "md5": "dae63ddab5c4a9fee69fe36e4f2558a3", "sha1": "3feba1ff704d4b5d0b434502c4b00b223c7f6255", "sha256": "f5568a0ad58a040d22336a49cf4b219575d6b44f467976a719ff7d67fc656ff2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jit.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarCharts/Jit/js/Jit/jit.js", "md5": "df8355ccd2772130088b1fb667650271", "sha1": "fcc63ef6c39ce72f1e8ccb5fb2215ba5d9f802db", "sha256": "195e91855d57a80f24e119569db40fa755b128f8c3e3ad050a1ff2f0b8c5085e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/autocomplete/autocomplete-min.js", "md5": "74029a4662a0a3cd3491b670c63b8166", "sha1": "02b2c0122151d67d2bf4b415c6ba887895141f25", "sha256": "25743568165ec413d93b410b548e2a02ab034275611c6f5aa22d5aef1372080c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advlist/editor_plugin.js", "md5": "5f1c8625c04a6b0f4567c1c8d5e28ff9", "sha1": "22ef0de9384bfde8507ac5271866c9d9777ea583", "sha256": "2f719cbc1b203df946b1169fd729df29c75b91c4f3c9dddb9dd12e4953a86df9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "console_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/console/lang/console_es.js", "md5": "4edd4eba382ec8733ca4349ac523c5a2", "sha1": "316bb2e23bdd15cbe42596b18068782c2fa736ea", "sha256": "18fe457c975fa70157f19bc20be6200c0b9287c98f544dfe5dd1b0e6e9104e93", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "imageloader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/imageloader/imageloader.js", "md5": "84f586902f448208eb767e8f8e4a7df2", "sha1": "67871d0bf1d283c9faadce77bd9d3905db479b52", "sha256": "919c75fe5fe8eb844d411a9d07d5668b602e965b246f2189fbcd2f9b58df7f18", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yuitest_core.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yuitest/yuitest_core.js", "md5": "e7e66f08682ab60ffd53fc8cbfd7933e", "sha1": "99c7442208f42c1109873a4dedb32f6dacf0b17e", "sha256": "d8051150e0db7a84c347d65313e31ff24ab0082bcb371b22af34fecc1abd0d17", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "is.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/is.js", "md5": "e2da5a97a7db2abbc10a71002257d5c5", "sha1": "84ba3f742ac7e7e83de66b9924ddcb8c78d1bb3a", "sha256": "50ea19c81dc0736197e0b87431721ba0a10845e88312e4a67a2f034366dc504a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-custom-complex-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-custom/event-custom-complex-min.js", "md5": "bd321769905d49983f9ffcb0f2b2beaa", "sha1": "3c27c7196ceba69070d1e6f5b232025b7dd23619", "sha256": "4a44ab6ca38a18fe360b145aa21be9bca3974198bf887bbe2b6dd07a2427d3aa", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-custom/event-custom-complex.js", "sha256": "4a44ab6ca38a18fe360b145aa21be9bca3974198bf887bbe2b6dd07a2427d3aa", "sha1": "3c27c7196ceba69070d1e6f5b232025b7dd23619", "md5": "bd321769905d49983f9ffcb0f2b2beaa" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-custom/event-custom-complex-min.js", "sha256": "4a44ab6ca38a18fe360b145aa21be9bca3974198bf887bbe2b6dd07a2427d3aa", "sha1": "3c27c7196ceba69070d1e6f5b232025b7dd23619", "md5": "bd321769905d49983f9ffcb0f2b2beaa" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "CheckNewEmails.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/CheckNewEmails.js", "md5": "3f33334bc439e51c6e359605dd6fdc51", "sha1": "b04fa5a3f94067d4dd1a1e4ece5bab19aaad9625", "sha256": "2c091203948cfe275f597da53a57e46ae4e4dbb777e465fba1c271a75f01e851", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "querystring-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-min.js", "md5": "12829bdaf3f1dc8f5265b57c2a5185d4", "sha1": "b6a71549988b433935793698aa08088955737a26", "sha256": "0449a9785a9c1fa4242f09e15fc617d63101934bddd86385c95158d8761f0432", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring.js", "sha256": "0449a9785a9c1fa4242f09e15fc617d63101934bddd86385c95158d8761f0432", "sha1": "b6a71549988b433935793698aa08088955737a26", "md5": "12829bdaf3f1dc8f5265b57c2a5185d4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-min.js", "sha256": "0449a9785a9c1fa4242f09e15fc617d63101934bddd86385c95158d8761f0432", "sha1": "b6a71549988b433935793698aa08088955737a26", "md5": "12829bdaf3f1dc8f5265b57c2a5185d4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/media/editor_plugin.js", "md5": "50357276b12ae5ac6c77d46d12e69044", "sha1": "81d39a6b048aedc609f3c3b1da5ea117b5e17522", "sha256": "0bd6db844921147edc844c255cc4ec207f29c7900056b63c57bde67d6e7d388d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_sv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_sv.js", "md5": "919728894a8ff305127242d42d6d7f0f", "sha1": "661b61d7dbb7ae110e7d425bff65ab12107796ca", "sha256": "5f1ff29530d1f5c5fcfdea04687abcdbd69da54a00bfc1566e1739bf833bee0d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.popoverext.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.popoverext.js", "md5": "d8f03476467cfffc7b91e31ed4f2383b", "sha1": "f87e0f1fb90573444167b8c3824f62b690b2d2d2", "sha256": "33cb059eca61d0b95cc342c4106c0aef050637456cbd6c827b324d09fdd7e775", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-ddm-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-ddm-base-min.js", "md5": "340989b645ddde12aa9fac2d4fcbdd79", "sha1": "fd2664592da8c5a80c4d06f46cebc46524f8fb81", "sha256": "a8ad47b9c32f4f714be32f239dc7e91a55e603ebf3c46d893bdcfce3804ae064", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-ddm-base-min.js", "sha256": "a8ad47b9c32f4f714be32f239dc7e91a55e603ebf3c46d893bdcfce3804ae064", "sha1": "fd2664592da8c5a80c4d06f46cebc46524f8fb81", "md5": "340989b645ddde12aa9fac2d4fcbdd79" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-ddm-base.js", "sha256": "a8ad47b9c32f4f714be32f239dc7e91a55e603ebf3c46d893bdcfce3804ae064", "sha1": "fd2664592da8c5a80c4d06f46cebc46524f8fb81", "md5": "340989b645ddde12aa9fac2d4fcbdd79" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/template/plugin.min.js", "md5": "6c1e9ff35d4553ff185771fb03015caa", "sha1": "0be0d7f0e57bbe6e279cc904641cf3e3af38429e", "sha256": "61d3dd3081c3ddaa077ce755fbd44a36ab1dc332b13514561c272b0947b59776", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ComposeViewModal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/ComposeViewModal.js", "md5": "89f823a4ff877427147f3b5253fb3562", "sha1": "9e4b81837f2ad0de1c8130a5278dddc8dedeac26", "sha256": "f015512fabc3a4c7d15b2d528b2382d2a52170f3db382247c8a1d849f9db1d14", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-lists-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-lists-min.js", "md5": "5e1b76ecbee92cd5a4e0c4a4df5924c0", "sha1": "5b074b6ba61e24f9aa4944605a997d0f058c9081", "sha256": "82b065227ccb2f88648a7f664d554b14766111c4909f7c1a4260d5647a01b7d7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-lists.js", "sha256": "82b065227ccb2f88648a7f664d554b14766111c4909f7c1a4260d5647a01b7d7", "sha1": "5b074b6ba61e24f9aa4944605a997d0f058c9081", "md5": "5e1b76ecbee92cd5a4e0c4a4df5924c0" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-lists-min.js", "sha256": "82b065227ccb2f88648a7f664d554b14766111c4909f7c1a4260d5647a01b7d7", "sha1": "5b074b6ba61e24f9aa4944605a997d0f058c9081", "md5": "5e1b76ecbee92cd5a4e0c4a4df5924c0" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "tour.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Home/tour.js", "md5": "8d3968fbeb138587fbd6ab2e6bf565b9", "sha1": "7c3c93e30bc00f53ad034edc2afb2003801c2df0", "sha256": "b0382e1949a0a35660527b18fc11dd48d7cc738af321f8ba8d360274122d1c34", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jstree.conditionalselect.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.conditionalselect.js", "md5": "9a96b1cd2f44b6ce41bea95ecab61aaf", "sha1": "3a11713a06d0f3f5e388a2bc8ab7590012f64588", "sha256": "e59c4d8b082f396d6402c3594b3541258b808428a792a14f54d3958b4feefd34", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "array-invoke.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/array-invoke.js", "md5": "71ec41f6e62a820fe798b80066684e0c", "sha1": "d2cfbcbd13a0f071d98d67ae208d061fa22bf783", "sha256": "b08ddc0b164eef22bbfed62b704851cc2ce3bfe691fdaec11ea8c2fd8e556fc0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_tr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_tr.js", "md5": "5aa76124e4e1532db24524f89901c6d0", "sha1": "bfd4f7764e5b61f41c5af55ec067d7cd30b4ea6b", "sha256": "75b938623720b288f25f33205c648c6cefb5d219cda33cbefc5e70502347a3ce", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "HTMLNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/HTMLNode.js", "md5": "80d3d7b998e77999da2cd4fb0168ab68", "sha1": "d1865ff8236dc0cf6e66502da0f64a8499e39988", "sha256": "5ad066dc3ad93d8d93eeec79c8c503e792706b839f6c575bc62f4d120eeaada7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-JO.js", "md5": "f06898f1abb7cffbda9e505c220a824d", "sha1": "e85ccc898e482d3ed3368429d14371032a9e439d", "sha256": "3f27d5604cd69ca01192cb2a56669f4707846152e44c8316e225a1ffaa81e33c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-scroll-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-scroll-min.js", "md5": "d8f4132fe3dfdcf7ac9ae09880f8d24c", "sha1": "d03d4e70eba628f4b3a3562046f4b0257c47dc60", "sha256": "bc4a5b65c1db1939c78e6d30ccda2174b31d48bdc584c68d0d6585be5fa19da6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-scroll-min.js", "sha256": "bc4a5b65c1db1939c78e6d30ccda2174b31d48bdc584c68d0d6585be5fa19da6", "sha1": "d03d4e70eba628f4b3a3562046f4b0257c47dc60", "md5": "d8f4132fe3dfdcf7ac9ae09880f8d24c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-scroll.js", "sha256": "bc4a5b65c1db1939c78e6d30ccda2174b31d48bdc584c68d0d6585be5fa19da6", "sha1": "d03d4e70eba628f4b3a3562046f4b0257c47dc60", "md5": "d8f4132fe3dfdcf7ac9ae09880f8d24c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "substitute-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/substitute/substitute-min.js", "md5": "0350a8d123a9ab3e0a8420fcd405e678", "sha1": "33425b9e68a0fe36adc12b8a82eea0c8595efee5", "sha256": "6d44502150742783f40cddd2bf2fb4226d4ab64149f9593c58a7937ec74df3f5", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/substitute/substitute.js", "sha256": "6d44502150742783f40cddd2bf2fb4226d4ab64149f9593c58a7937ec74df3f5", "sha1": "33425b9e68a0fe36adc12b8a82eea0c8595efee5", "md5": "0350a8d123a9ab3e0a8420fcd405e678" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/substitute/substitute-min.js", "sha256": "6d44502150742783f40cddd2bf2fb4226d4ab64149f9593c58a7937ec74df3f5", "sha1": "33425b9e68a0fe36adc12b8a82eea0c8595efee5", "md5": "0350a8d123a9ab3e0a8420fcd405e678" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.hotkeys.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.hotkeys.js", "md5": "e642d81a11fdb3df7a9a286ea673f94f", "sha1": "aff29aadf4d100cf6f9226f714514242629cae4c", "sha256": "4955a85ecbf76e7548e791f2a27c661dd0d607a83e9a4f89fbd7ea7521f4da42", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "text-wordbreak-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-wordbreak-min.js", "md5": "6f30c7cc463ec3a07d1ad1eb46343769", "sha1": "1d6f14e877738aab9aa65fcbbb2f7d1d2733abc3", "sha256": "60ddd7822ecac95356b89d986cd7c0ea1dc7bbdff44b7650d7f21bab13e4b93d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-wordbreak.js", "sha256": "60ddd7822ecac95356b89d986cd7c0ea1dc7bbdff44b7650d7f21bab13e4b93d", "sha1": "1d6f14e877738aab9aa65fcbbb2f7d1d2733abc3", "md5": "6f30c7cc463ec3a07d1ad1eb46343769" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-wordbreak-min.js", "sha256": "60ddd7822ecac95356b89d986cd7c0ea1dc7bbdff44b7650d7f21bab13e4b93d", "sha1": "1d6f14e877738aab9aa65fcbbb2f7d1d2733abc3", "md5": "6f30c7cc463ec3a07d1ad1eb46343769" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery-ui-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery-ui-min.js", "md5": "99c03a5b0b8ee0e4e2ebeb95a8cdfe60", "sha1": "5d04ce260ad582a633cc06021dcec03450058687", "sha256": "764e54c2d848fc219b73e2e4cedc6562cb1928fff0d7a33e0daa354eb97bc4e8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery-ui-dialog" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery-ui-dialog" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "1.11.3" } ] }, "packages": [ { "id": "pkg:javascript/jquery-ui-dialog@1.11.3", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery-ui-dialog@1.11.3" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2016-7103", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.", "notes": "", "references": [ { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "CONFIRM", "url": "https://jqueryui.com/changelog/1.12.0/", "name": "https://jqueryui.com/changelog/1.12.0/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190416-0007/", "name": "https://security.netapp.com/advisory/ntap-20190416-0007/" }, { "source": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "source": "CONFIRM", "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6", "name": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1" }, { "source": "MISC", "url": "https://nodesecurity.io/advisories/127", "name": "https://nodesecurity.io/advisories/127" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7103", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html", "name": "RHSA-2016:2933" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "info", "url": "https://github.com/jquery/api.jqueryui.com/issues/281", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/", "name": "FEDORA-2019-a96124345a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/104823", "name": "104823" }, { "source": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html", "name": "RHSA-2016:2932" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-19", "name": "https://www.tenable.com/security/tns-2016-19" }, { "source": "info", "url": "https://snyk.io/vuln/npm:jquery-ui:20160721", "name": "info" }, { "source": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html", "name": "RHSA-2017:0161" }, { "source": "CONFIRM", "url": "https://github.com/jquery/api.jqueryui.com/issues/281", "name": "https://github.com/jquery/api.jqueryui.com/issues/281" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.12.0" } } ] } ] }, { "isVirtual": false, "fileName": "recordset-indexer.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-indexer.js", "md5": "d9de0db06d0d4b6c36ad6e3cde71f539", "sha1": "f63b7478da11edb2c56ed287935eef517fd77167", "sha256": "e09b69bdbcbd8281334ba769ae7b478e0bc58a04dc54553e829afd625faf5c77", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-indexer-min.js", "sha256": "e09b69bdbcbd8281334ba769ae7b478e0bc58a04dc54553e829afd625faf5c77", "sha1": "f63b7478da11edb2c56ed287935eef517fd77167", "md5": "d9de0db06d0d4b6c36ad6e3cde71f539" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-indexer-min.js", "sha256": "e09b69bdbcbd8281334ba769ae7b478e0bc58a04dc54553e829afd625faf5c77", "sha1": "f63b7478da11edb2c56ed287935eef517fd77167", "md5": "d9de0db06d0d4b6c36ad6e3cde71f539" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-min.js", "md5": "fbdae4820bfd06a1e125a725d9e2f942", "sha1": "3af8f0ac5d9021202176d5fa7dff4bdf1adf720a", "sha256": "baa8c324a99aba9c7d4448f6389bb1ccf8b59ada28c1d65755d9f828f1e9ddba", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-min.js", "sha256": "baa8c324a99aba9c7d4448f6389bb1ccf8b59ada28c1d65755d9f828f1e9ddba", "sha1": "3af8f0ac5d9021202176d5fa7dff4bdf1adf720a", "md5": "fbdae4820bfd06a1e125a725d9e2f942" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim.js", "sha256": "baa8c324a99aba9c7d4448f6389bb1ccf8b59ada28c1d65755d9f828f1e9ddba", "sha1": "3af8f0ac5d9021202176d5fa7dff4bdf1adf720a", "md5": "fbdae4820bfd06a1e125a725d9e2f942" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "collection.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/collection.js", "md5": "0cc0e96623dda96495247fcd929c41e8", "sha1": "3fe8f88680a0870398336e7b28557e2d4ec5380c", "sha256": "3980d3a332ae49515d7382a09ba3e9b9e1b1cff2efd33dca13409726528d345b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "TaskNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/TaskNode.js", "md5": "eb7b39df715ad52c70168cf8aae0d826", "sha1": "5286a7b2f75cc9804e733760af5868e2d54c6160", "sha256": "9a3024b2ddea93e2c5ba89181eee51b063f99a8a7643ae62c2a2fcf4d3e759f7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "EAPMEdit.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/EAPM/EAPMEdit.js", "md5": "ad7ed49f6bebbc098884b42fc7fbf186", "sha1": "b6d79151a806dfc0bd35f57348f8bf0d5f255d56", "sha256": "85a24537ec957104acc84c2d927e55da9dcdd45a86e2dfe69063dae239d71164", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cookie-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/cookie/cookie-min.js", "md5": "b0058ed1330069cb8510e5d054681b1a", "sha1": "842c8bdc58646ed2787e1d784cb7b31497974ea6", "sha256": "36b1a50757cf8de6dc616611ae22070a34d6a6c7ba60359d4eef8af541f9f66b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "text-data-accentfold-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-data-accentfold-min.js", "md5": "771aa204add3f5a9075c5282ffa9cdb8", "sha1": "a2c43068d1bbe4b72d4615ddf7a207eb71d4989e", "sha256": "cc36b9a0574a07a353201e9f95abe540ae596a7bdebd67371aef7268bbbb0e26", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-data-accentfold-min.js", "sha256": "cc36b9a0574a07a353201e9f95abe540ae596a7bdebd67371aef7268bbbb0e26", "sha1": "a2c43068d1bbe4b72d4615ddf7a207eb71d4989e", "md5": "771aa204add3f5a9075c5282ffa9cdb8" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-data-accentfold.js", "sha256": "cc36b9a0574a07a353201e9f95abe540ae596a7bdebd67371aef7268bbbb0e26", "sha1": "a2c43068d1bbe4b72d4615ddf7a207eb71d4989e", "md5": "771aa204add3f5a9075c5282ffa9cdb8" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-CA.js", "md5": "ee6b819ba0fe3ad310f137019c7eb15b", "sha1": "880884c6c39063d7d10bb498b2ec494b38bb7fef", "sha256": "300c2624c91508d4c197e04093618bb8eb957873f15346a15af7fc433f599f98", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "include.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/include.js", "md5": "f5eebf525217f709a81cbeb9d671c77b", "sha1": "16e2ed71bf63fc9802b8c97ed2ccab627a17f6b4", "sha256": "6a7c3f73e179abe43bf5387457506b4c389fa350a728986b4c3e89af14b64ee2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-native.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector-native.js", "md5": "43d91058a93fbd0a75764f79ff4b3438", "sha1": "c3082c5db923ac023e712b842de37cfa4adb5f69", "sha256": "7debaa07ce0ec08f0fdef2c5e74ae1138091007ef8657fad43a0844ae6295ccc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-xml-format.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml-format.js", "md5": "586b8373b725f918d1a8ebe4866100e3", "sha1": "fbd90b1bf301ea9c60aebba3cfbbea88ec0a15eb", "sha256": "e25369d0f84034a0821113fcfc991252771b71ec0b0dca47c83c9d63a20278f3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-xml-format-min.js", "sha256": "e25369d0f84034a0821113fcfc991252771b71ec0b0dca47c83c9d63a20278f3", "sha1": "fbd90b1bf301ea9c60aebba3cfbbea88ec0a15eb", "md5": "586b8373b725f918d1a8ebe4866100e3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml-format-min.js", "sha256": "e25369d0f84034a0821113fcfc991252771b71ec0b0dca47c83c9d63a20278f3", "sha1": "fbd90b1bf301ea9c60aebba3cfbbea88ec0a15eb", "md5": "586b8373b725f918d1a8ebe4866100e3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/wordcount/editor_plugin_src.js", "md5": "30e53085f9157239eadf0818e2ad34a7", "sha1": "83b8eafbc85d9289210feda4e34a550feb104954", "sha256": "ee7353dfccf94b3292af980b7fab32cfabc179ef0bde047be5d116259365aa8a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.drawing.circle.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.circle.js", "md5": "f649faf7abdf713fd572da5c25014c1f", "sha1": "472eb9f0034395d81b1426b650b27aad80a3ba20", "sha256": "6176e4a2808f6c5aa87ca7e3110e8f401e6692fd7f289b7f86312c6706c9469b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "swfdetect-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/swfdetect/swfdetect-min.js", "md5": "2b4b38ccb1d4c9d78b4ff2f46224bbe7", "sha1": "33abad9a78d0bfff8bef8476cce0bb6448e2ca96", "sha256": "695f458617b734628bff034849bed2d4b0c4f27244c3db08e79c7f8783af3ea0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "colorpicker.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/colorpicker/js/colorpicker.js", "md5": "87bd30f8c0fd2dbbe7fe89b7fb198227", "sha1": "4c15133f59329f7e14cd4d4a8be830e1493b8e2e", "sha256": "3cf3e3ce98e3fdb300418cbd8a09f408e7db20650ad9ebc2ae609ed579b7370e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-br.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-br.js", "md5": "9079dd86c1ade92a83854885f60caa14", "sha1": "5cd59904e5d5f35a05836eef48e01121e7338220", "sha256": "3ecf667be783b36a1d96f2eaaf06751206648f48faf3a66b95d2136ca77e7101", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "utilities.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/utilities/utilities.js", "md5": "8876d232f2f958825cad54f621c96580", "sha1": "bcbc1c76e971a8ffe4807b8b15cf69f918386826", "sha256": "e1e32713ac8e902a7b6034c93321e08b0ca3886cfe89cf46b6ffce32589d0826", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/tabfocus/plugin.js", "md5": "6a5d784c2ac2ce5f64e0968c35492f03", "sha1": "b557699049ab7f0bc404b5a9fe4ccd48f1cfde56", "sha256": "e2f5c8c34da26d11546580fbe8e4187c23ec10d0ba64ace611fd58dee9672e15", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "DetailView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Campaigns/DetailView.js", "md5": "991c4a9e7defc6ea7d704c51e2195ae7", "sha1": "c0273884a4b6d9727db8017042efa4ea38032b82", "sha256": "8d827856a9b92e7f9b59598af7e0d02cd0276427dddec099911e90fdfe33b69b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/wordcount/editor_plugin.js", "md5": "fb71ed139697b519f0054179d28ec782", "sha1": "c814a16cd966e38f6d5aa2e4100b6148a670c975", "sha256": "14684c4924b9af964a4e3604ce66cc1fdb822b8db829e889430c39f5c9d6cdb8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.rscatter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.rscatter.js", "md5": "afb069cfbea57cf7334491c870767a3d", "sha1": "1a5dcfdad8b7d57dcc9e0fe5fdd26b7b3a0f036b", "sha256": "3f6da3b18944c725646925049d9c289828ae47395cc1c312b0cfca36b3179526", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io.js", "md5": "445f1d433a6ac5f7809c895d021f4c9f", "sha1": "d0b3527aca5f208d784e201622a9b1dcde59b9ad", "sha256": "bc72aa09a64f2ae162a8557246a3bcacc7fbc68e5f90ca88844d2798fa30c676", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "scrollview-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-base.js", "md5": "dbb3a1096b1f7f07bcc6fdc01d5c8bc9", "sha1": "56da9437a0d03bef1152df2f5166805ee299e4ee", "sha256": "66f414f32b7e05af405465624d3cd25854b92c74e636e7b10cd3c381636325c2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.fuel.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.fuel.js", "md5": "fb70d26793c84abf6219acf228b8a9ba", "sha1": "ad128b714db93d94f7c5466fc1c83ebc8b466669", "sha256": "e2733ce5467f58eacf651e351398d2fb9b27642441a18a5e7f3a778a2774a257", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_de-AT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_de-AT.js", "md5": "69ef3148d49ce2d222e76be21bbcc8d2", "sha1": "17ab91c4bd45836136c28d3cc4e8f105a1d7a18a", "sha256": "1a6ccd4cf9303bf9bc77916550269d163caaad814d84270655fe99acbed65455", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Panels.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/EditView/Panels.js", "md5": "55e80d03192cb162403943eef1b23541", "sha1": "032407610b36905ece1b9eacbc3d82facdc62cd2", "sha256": "c74e7cfe9898f134fd95a805e1789082974af895c23e64354cee4e46627c6bdb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dom-deprecated.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-deprecated.js", "md5": "ecb9bf9d33cbaa2188ab144569c42315", "sha1": "c06f35db9efa2e9a4608e5c7c1139bfd634ff9e2", "sha256": "6aa6e1450889c62680429ed8033dc9a5faa3f416122370f9006212785017591f", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-deprecated-min.js", "sha256": "6aa6e1450889c62680429ed8033dc9a5faa3f416122370f9006212785017591f", "sha1": "c06f35db9efa2e9a4608e5c7c1139bfd634ff9e2", "md5": "ecb9bf9d33cbaa2188ab144569c42315" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-deprecated-min.js", "sha256": "6aa6e1450889c62680429ed8033dc9a5faa3f416122370f9006212785017591f", "sha1": "c06f35db9efa2e9a4608e5c7c1139bfd634ff9e2", "md5": "ecb9bf9d33cbaa2188ab144569c42315" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "MySugar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/MySugar/javascript/MySugar.js", "md5": "7efbe89886ac56291f09a7f8b7f39083", "sha1": "180f811c56236845268bb5ec92f1c869dee00c70", "sha256": "c4afce7ee9ac1a9d6e1fb2ab42ad127cc4f039ffb714ad58a31673e31c114ad0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "TVFadeOut.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/anim/TVFadeOut.js", "md5": "7bda0243ee0f0ae64829c57e387145f3", "sha1": "9f3bcb14af9c57ddf8c69dcba9fefc75bdfdec8b", "sha256": "ccf7ab1d26889c91b2b69154cfff7354405f24b52198bc6589f86498e4b8f84a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tabview.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview.js", "md5": "9a5557c0efd4c2e39e06c58918e24c58", "sha1": "1a0f73599c0d21f6b3524518444aa83be49e844d", "sha256": "bb870200ac60c478b7dcb34bc38453b250a0dcb1be579b3fb8a401d8311c0a4c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/tabview/tabview-min.js", "sha256": "bb870200ac60c478b7dcb34bc38453b250a0dcb1be579b3fb8a401d8311c0a4c", "sha1": "1a0f73599c0d21f6b3524518444aa83be49e844d", "md5": "9a5557c0efd4c2e39e06c58918e24c58" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview-min.js", "sha256": "bb870200ac60c478b7dcb34bc38453b250a0dcb1be579b3fb8a401d8311c0a4c", "sha1": "1a0f73599c0d21f6b3524518444aa83be49e844d", "md5": "9a5557c0efd4c2e39e06c58918e24c58" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.csv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.csv.js", "md5": "cf4d9025588f2c3c33d4bdf12f232002", "sha1": "09bd4b87ea400811352217270ef9957ea8980af0", "sha256": "e96935823648fe95a44aacb631fa69d2546f377e0e2eac2a0d8fff3c58b3fb65", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "AOK_KnowledgeBase_SuggestionBox.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOK_KnowledgeBase/AOK_KnowledgeBase_SuggestionBox.js", "md5": "b74d9887c1ceb8a149749d7a5d247cf4", "sha1": "b427173e436754f2fb60b93514358c68e8073caa", "sha256": "fbb17b104940870d18575120f3dbb17f8913ef5d391654f93586c1555e45910c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/paste/editor_plugin.js", "md5": "1b68c59eb95a28ccc2aff2cfb85a8829", "sha1": "31d2d2c4407dafbcc683cb6780a90f21fa0a7e0c", "sha256": "b1481268ce5f957519c772297cdeb8527ab1001115729d0a4419b04f1ac20ded", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/fullpage/plugin.js", "md5": "a39cd8a30c44e19495c8b068a8a44752", "sha1": "d2ef6ff4b882ac1e3db8a5c1eb72da841b380855", "sha256": "6f8a98f8056007e30f3e18004f82df5aa70957a51145b85373ac3f1f17007cf6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/fullpage/plugin.min.js", "md5": "c7deb7a49ed4ea4a4ec5556cf7c48f41", "sha1": "8cb06f65beb1374bc42fb65b808abc8df16dd94c", "sha256": "2d27fd6eff55c587623bfc813cd00780a4a91d982a254a28bd9f513e97e468bd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "upgradeWizard.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/UpgradeWizard/upgradeWizard.js", "md5": "92b561e924470813df750b6fa2d04071", "sha1": "c1a81cedeaae7b7058e66998793ec9c67e328004", "sha256": "e52b63fbdaddccebd1d7e2d49458b67f74073085407f48abcdceb0bfeb26440c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/contextmenu/editor_plugin.js", "md5": "5a0fc9ce2ba71bf2b6f54eb94838619f", "sha1": "9646b2b9ff840c73eaa66e011aa1e9aac39625f4", "sha256": "73de1f2872db39af9b2875e8a9f88ac4fb16161f8b4266282279aafad22c09fb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selection-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/selection-min.js", "md5": "c3767abe503720467b67e9c76d2b287b", "sha1": "1add0e08204ce29573751226e09b7ecac29050d5", "sha256": "be769288e3d5b1c43dd823a6c45a2e993e236059298318941b1df6472af42e8b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/selection.js", "sha256": "be769288e3d5b1c43dd823a6c45a2e993e236059298318941b1df6472af42e8b", "sha1": "1add0e08204ce29573751226e09b7ecac29050d5", "md5": "c3767abe503720467b67e9c76d2b287b" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/selection-min.js", "sha256": "be769288e3d5b1c43dd823a6c45a2e993e236059298318941b1df6472af42e8b", "sha1": "1add0e08204ce29573751226e09b7ecac29050d5", "md5": "c3767abe503720467b67e9c76d2b287b" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Time.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarFields/Fields/Time/Time.js", "md5": "22a9dadf3e02d6c7ee71b3d50639fc10", "sha1": "19c3d00078063c8c7e931cb99b710d488313ecdd", "sha256": "933c559046049aeb8307027a7a3bdf638fca8943a4f7248305e810cc8b7fa48b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_pl-PL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_pl-PL.js", "md5": "2363b64db193d692f442270c4b3d370f", "sha1": "f929352c6a02ee9bc26abd7fb6ac4df9564a29f0", "sha256": "4c734c1fac28c3ee6e44892edcdfe8633568a82e3b36643ccf88420dacde56ab", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.deprecated.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.deprecated.js", "md5": "21b0c6a1ecc44aa4dbc8ae65ce302425", "sha1": "86d872fce4e45374393df930f296abc6001df6a4", "sha256": "8168f2534a5334cca0179475e6bbd29cf3c964f56385f2e18577192c9719edc8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.json-2.3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.json-2.3.js", "md5": "b0afe412a7dcd5dc872699b5b7d3c9d4", "sha1": "85a7f1a0dd79d17131c25962e98aad3c91cc2300", "sha256": "253f12956600a6a9874ed3adc0aef899c625d30d9b34f609d3f78934d2c2c658", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "button.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/button/button.js", "md5": "1408f5dca32da4ed1de72b48a574edbd", "sha1": "841548d10c154c5a431ad4f36b4208c6efe0a7d0", "sha256": "8f634d480bce03be629ac94d7f581de73882e75d719a98b21de2c28d3b569797", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history-html5-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-html5-min.js", "md5": "4f1cb61bf85f008c4275f1a5082858c9", "sha1": "0666b49d6b3858f44cbf8279314c272f4e285266", "sha256": "f35e8f4589fda7061b9aaf8c57c10e9da9a4e3e5e2e5ffbeaa9b53ea4e62044c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/history/history-html5.js", "sha256": "f35e8f4589fda7061b9aaf8c57c10e9da9a4e3e5e2e5ffbeaa9b53ea4e62044c", "sha1": "0666b49d6b3858f44cbf8279314c272f4e285266", "md5": "4f1cb61bf85f008c4275f1a5082858c9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-html5-min.js", "sha256": "f35e8f4589fda7061b9aaf8c57c10e9da9a4e3e5e2e5ffbeaa9b53ea4e62044c", "sha1": "0666b49d6b3858f44cbf8279314c272f4e285266", "md5": "4f1cb61bf85f008c4275f1a5082858c9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "theme.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/themes/modern/theme.min.js", "md5": "5e1ff87bef4714f3bf2273fc3c6ce1f3", "sha1": "3f408017971b84c761d5cc92fe02964347c49459", "sha256": "0fd7221852754cf63104cf452eaa5b6c479742dd52745ca0f26c1eea822bdc1c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/fullscreen/editor_plugin.js", "md5": "15134339e36472281b8a1626233f747d", "sha1": "6d1c62118c1d8749550760b5ffc9a58e872a9b9c", "sha256": "844947cd2c689499527286e723bf8d773fb6a90483e63a063d8941e6c188d935", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.drawing.background.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.background.js", "md5": "f4b159fd561c739ab29c8573b7b0a997", "sha1": "08bbbdcbfe7b83dd84e8db525b0a6a60682d0964", "sha256": "eaf43760d34e03e8006d1401597ebda3fb0c34fbccbe3475f15724f4af6617c0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/autolink/plugin.js", "md5": "bdda8122786e3033b3b24dd044e0c689", "sha1": "b6f34ab8af214292ebb8670b8acd042c0e835ae2", "sha256": "99d9f7f93b6051dd681712476c52c8a08ad1c082b0b9e8d3dd27526ccecfdd6c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "align-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/align-plugin-min.js", "md5": "a973573ec8d24bde09b4d472d61fb783", "sha1": "04a366a689992a780c5323f0596bf08ae02b37ba", "sha256": "eed2c705fa2bd59f8f088a4e644024248108f06ab5780b321929346b6241c414", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/align-plugin-min.js", "sha256": "eed2c705fa2bd59f8f088a4e644024248108f06ab5780b321929346b6241c414", "sha1": "04a366a689992a780c5323f0596bf08ae02b37ba", "md5": "a973573ec8d24bde09b4d472d61fb783" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/align-plugin.js", "sha256": "eed2c705fa2bd59f8f088a4e644024248108f06ab5780b321929346b6241c414", "sha1": "04a366a689992a780c5323f0596bf08ae02b37ba", "md5": "a973573ec8d24bde09b4d472d61fb783" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-ddm-drop-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-ddm-drop-min.js", "md5": "2b2796c09da9170ba6d9c7ee6e945ca2", "sha1": "ee87be01624b8632bb5b2058517be23d750bcb08", "sha256": "5c5755937b0239e9e059193765e3e18c1147eef06d95604370cb1e18cbf99439", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-ddm-drop.js", "sha256": "5c5755937b0239e9e059193765e3e18c1147eef06d95604370cb1e18cbf99439", "sha1": "ee87be01624b8632bb5b2058517be23d750bcb08", "md5": "2b2796c09da9170ba6d9c7ee6e945ca2" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-ddm-drop-min.js", "sha256": "5c5755937b0239e9e059193765e3e18c1147eef06d95604370cb1e18cbf99439", "sha1": "ee87be01624b8632bb5b2058517be23d750bcb08", "md5": "2b2796c09da9170ba6d9c7ee6e945ca2" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-ES.js", "md5": "f54647615d34b4c8bb753d54e02de72f", "sha1": "cbdd85b314e1e7613490390db689bc8c9f162461", "sha256": "f7f54e462b44036f119bd1fa1cb626c87ace4dbfed759c575b0f6e461c6b8be5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "custom_project.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/js/custom_project.js", "md5": "42dca8a4958740e851c7dc9bd361e000", "sha1": "f1b77b65321ecf17d660d851393f299ae4a50010", "sha256": "f815d65ef4bfcbff765a70fcb6dfee00e61e668deeb778f1376464d9d3d9e353", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/js/custom_project.js", "sha256": "f815d65ef4bfcbff765a70fcb6dfee00e61e668deeb778f1376464d9d3d9e353", "sha1": "f1b77b65321ecf17d660d851393f299ae4a50010", "md5": "42dca8a4958740e851c7dc9bd361e000" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ACLRoles.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ACLRoles/ACLRoles.js", "md5": "3c8142c8d22fc02de0c89d4ccc54b171", "sha1": "7971b49ca89f5d30031faeabc2eae67c7e1ad7d2", "sha256": "1bafea442ca2307958a4c4521bd94560e0429f07d24138bb7cb49e7999a96a68", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "company_detail.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/connectors/formatters/default/company_detail.js", "md5": "faa320b547696fd5187926d75ded874e", "sha1": "4e731f4d5e7f257e9400f44e19f33e3afd18a599", "sha256": "751edf2dde951c5ea620cb1304ab7d1dade2b0f696d47c6281385187ffc6f556", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/style/editor_plugin_src.js", "md5": "8bf42b67d87cd5bf4bbee11739ce46c6", "sha1": "bd101c555dac97ee6369276260abe2be4345e251", "sha256": "9b1c9a058b7262cab2006f2298f078ccfac43a51fe04c47302c18d865b0f494d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.validate.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/js/jquery.validate.min.js", "md5": "15d67ada60f2b7a862e0fdcd1baddf72", "sha1": "9389012cc388a5177f0bce53fd474d16768344d0", "sha256": "7705fee13417229d718f14947e9860d5bb2b25bd15c9f5cd834f2545c7bad0a6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/js/jquery.validate.min.js", "sha256": "7705fee13417229d718f14947e9860d5bb2b25bd15c9f5cd834f2545c7bad0a6", "sha1": "9389012cc388a5177f0bce53fd474d16768344d0", "md5": "15d67ada60f2b7a862e0fdcd1baddf72" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hant.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hant.js", "md5": "c222e27f9a61d4d0b8771b1d89dae40a", "sha1": "0e05f2c41ec714551aaba8d2d230aa70dc5318aa", "sha256": "50055a194ef01425915647834bfa4834b7985f999e0783dabcf88379eaf99272", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarFieldDynamicenum.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/Dynamicenum/SugarFieldDynamicenum.js", "md5": "68d0bdccc29bc5c2920507ee04c03c62", "sha1": "594dfbba2927a58a42f8b9ca70507287d2bba7fa", "sha256": "63213ef4992d0737e456fb7662ce22ccc4cc231c81a18ef666fffd8bb211d913", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/fullpage/langs/en_dlg.js", "md5": "963f370d56f19c2f94de09b10a306187", "sha1": "994bf77e067678da3ce4c5490ab52cd86c2d57b2", "sha256": "759144ef7f8d035a841113407b16411bad7a0e63422a46c503e22d35772364ff", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tour.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/tour.js", "md5": "d6d90628f687b514d7290106d7049de8", "sha1": "3d12c7fbea474c096644193903458709f0a1c885", "sha256": "5649b7b6f4ef6c27dd6998d8c4e0fe8accb0163ffc939fa06baa9afdfc82d497", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "link.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/js/link.js", "md5": "316da7ee59e094228df2a4fb7e39cfa6", "sha1": "a68409135ac9977540bc06034156992eb4178193", "sha256": "8c19b7ae7d0f500239604c10c240013bd75b438559c30633271b63e14032987b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-min.js", "md5": "281d57c711b45dc6c859a8f6a8eede0a", "sha1": "815ea8291e643f9a4361616801d366e917c0aa19", "sha256": "9618c002d4452d3505115c20c1b0ee91026e4aaf274e6863453a38a7a1ad42e3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-min.js", "sha256": "9618c002d4452d3505115c20c1b0ee91026e4aaf274e6863453a38a7a1ad42e3", "sha1": "815ea8291e643f9a4361616801d366e917c0aa19", "md5": "281d57c711b45dc6c859a8f6a8eede0a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd.js", "sha256": "9618c002d4452d3505115c20c1b0ee91026e4aaf274e6863453a38a7a1ad42e3", "sha1": "815ea8291e643f9a4361616801d366e917c0aa19", "md5": "281d57c711b45dc6c859a8f6a8eede0a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.hoverscroll.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.hoverscroll.js", "md5": "32ab7ae42c3a49c803fe60bc5f210735", "sha1": "17993defef4a0c27a25f888a72683fc3c2d48cdf", "sha256": "8c87cbcfd2755355a02a2089b8bc54926d6add0c7efb5fea690b783b096fc6f5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-MX.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-MX.js", "md5": "f42667046b65936a145e5c3c08050dd5", "sha1": "1d886fb0367beb0980c44925da20682a43c9dc9d", "sha256": "b5374d09e826eca6379e07db1f920a4b9de341be7e96ed07849b334eb0eb769b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/langs/en_dlg.js", "md5": "ee3484503050cdae74d2cafa7d2e9999", "sha1": "4166444a83a48e3d7d709d73f344fa01a77d4178", "sha256": "ec2ab9007924a25b7da31afb03b2ccbd3911acccee1098c50bedf2ed305f7483", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_hi-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_hi-IN.js", "md5": "e9ecd24f280d4e3877cd5fd9b5ef8aa9", "sha1": "e2d2338cfb869464f48253834a72af32d87f0cf2", "sha256": "f1882618cadd32e073fb0fdc2ed8f357f8bd06e4a5527a89d8458ca80a158a69", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-sort.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/lang/datatable-sort.js", "md5": "ec0c7ca5ed943c5e1c22f1bed9de35a7", "sha1": "ba0cdc547a43ac2750b617ce4c826a5fd621adac", "sha256": "ed614b8a48be31a450c9abfc5fe5b85518ff0ab6196fdd8240ca02cb36cb33e7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "non-element.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/non-element.js", "md5": "300fcbbafeaf6a687bf900fcd4af8531", "sha1": "dd63ae65a169433e9ef405c65674707ea1bdc48d", "sha256": "aea6b27eb52ab0eb5ef9314b240ddd80b8c7514a969c12efc9213bc2d3f65fda", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ro.js", "md5": "1b96321f71a343d72f6bd7756a5ac5fa", "sha1": "c809ca98e3f5d6a68fe53be75e59a19991a4ddbd", "sha256": "f5ac77d095edef85d57fb8d34c5fd090d0973b5f988e5d4d5e5c137ea13730b8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_sv-SE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_sv-SE.js", "md5": "dc002ea320997eda3c393e67c680672d", "sha1": "c6334a04deedd204a004602ee43186a934226fad", "sha256": "710b06bb9b5213cf57b28c715ce23fca697c2e30bf2737053e6f88bf0771dbad", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ygDDListStudio.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Studio/ygDDListStudio.js", "md5": "95ec8febc8067b0692e45e5933b91d96", "sha1": "4bd8781b91fd2347040d1f8ae1c788a703fd8e4f", "sha256": "7420bb12a4eb1c93ad9c4e62420eecd1d8eaadad70f2d4a0b03dabd96c5f47d9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/code/plugin.min.js", "md5": "96c43004c75f30ec4d04acb9ac40cb37", "sha1": "6ef45e5c18feb4c2406f8c7a28eae34d4ab1a053", "sha256": "d32445165313980bc57839df2fa01027a9308cb014cb839410db5f5969219542", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-simulate-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event-simulate/event-simulate-min.js", "md5": "970c0383e0532dad0824e7fe47b13654", "sha1": "d8c61b55de46a20ac9aff54ed1cd087581a5a51d", "sha256": "7c82e5e9494c407611a51edf0303e15ad205fd4f357cfb8be5942552bc28ca2a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/emotions/editor_plugin_src.js", "md5": "11848fa746a3fa7390731389d25c79bb", "sha1": "7f7f7b36b5383cbbe811f32b68a0b40951826fe7", "sha256": "d0af8eceda599d288af855d32c0fc5416042c1702cc4eab5ef040f624b8fea2d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-CO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-CO.js", "md5": "a83ce276958b72e5351adb3fa4c67cd1", "sha1": "c6e5a40a3f9010f1093c5a6e369701d96f0f8ca9", "sha256": "f3bb7fc6c83dee3ed47893f6a4579d44bae5f18de4c726a55c22bece54e0b587", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "calendar-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/calendar/calendar-min.js", "md5": "5988804cd764aebe858556484bc2abda", "sha1": "2c0ea6a839df080c4bb7925f7e46840ae284e5bc", "sha256": "655ae34b8f3ba3be7835089b6527bad1263d3c676387ca1e88e8d07a07b758ed", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "documents.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Documents/documents.js", "md5": "8d52044a4117eaa4e77ecbea6a52071c", "sha1": "1cf32bced133e55c90d43b6b80ac174305d02bd6", "sha256": "a965eda5bebf06ec71efa4dc5240db952e938c76279fc35977c74ca659ae1881", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_th.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_th.js", "md5": "420f05f9e0bd8444b86ab22c3cae3c3c", "sha1": "d777547762b836df7ff7f5ba5c4ac7776d2ab82d", "sha256": "959a95959dd602a5ef8ab993dfc1162b1c3317d58e8c681e35cca5ba5aaa2cde", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "base-pluginhost.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base-pluginhost.js", "md5": "bcd7599885a824abe828881b29d2935c", "sha1": "dd6ec54912a41ff12483ed3c2a09d1a320755544", "sha256": "500e8d211c98ab90973ce70290b83592dac0c0ed0dc0b170b1be1054942f5e41", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base-pluginhost-min.js", "sha256": "500e8d211c98ab90973ce70290b83592dac0c0ed0dc0b170b1be1054942f5e41", "sha1": "dd6ec54912a41ff12483ed3c2a09d1a320755544", "md5": "bcd7599885a824abe828881b29d2935c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base-pluginhost-min.js", "sha256": "500e8d211c98ab90973ce70290b83592dac0c0ed0dc0b170b1be1054942f5e41", "sha1": "dd6ec54912a41ff12483ed3c2a09d1a320755544", "md5": "bcd7599885a824abe828881b29d2935c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_template.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/simple/editor_template.js", "md5": "3ac3fd3129ee9605052b8470f8d58538", "sha1": "0aa97113c560f1551b1b510b342504f780c7b96f", "sha256": "73f97fad40b7a44d23ed10d9e04a22faca218a364ab1485f05d01cbd1f31925c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "loader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader.js", "md5": "5deff9e2eb44f592d41e5b5ba0d2a0b8", "sha1": "ea02b32a131f4d17f95d5226bdb509bc7fdadd83", "sha256": "05793b78be1e187fe7742e858f5bd38641fe6fe9e611893aeaee1b2123b7ac43", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yui-log.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-log.js", "md5": "cd958fcf243f06e64f3a5a2208ba9a11", "sha1": "3b479fc71f08dd7cd02fc3895b4356e95b7f361b", "sha256": "14624beb2d61149988a7ca9d4460df59a72f44a80a56d3b882fc5235af6eaf04", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "colorpicker-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/colorpicker/colorpicker-min.js", "md5": "daefbea74350afe3ebc4ca71eb0537b4", "sha1": "7238e2a2bca70c463bea99722d8d5a426b05668a", "sha256": "cfc72a84ac9c21a78c11c33b1209b9957a9e696d40904682e31cd6b89ae21cee", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "console-filters-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/console/console-filters-min.js", "md5": "f83377570bdf4b8064277f581ee499e4", "sha1": "1b3f11911d2af0281ce36d7b81763630cc3d4f24", "sha256": "499cc1844e0a4652a99f389cc8077079c39de27a97728606ebeffa89b0f8a5a2", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/console/console-filters-min.js", "sha256": "499cc1844e0a4652a99f389cc8077079c39de27a97728606ebeffa89b0f8a5a2", "sha1": "1b3f11911d2af0281ce36d7b81763630cc3d4f24", "md5": "f83377570bdf4b8064277f581ee499e4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/console/console-filters.js", "sha256": "499cc1844e0a4652a99f389cc8077079c39de27a97728606ebeffa89b0f8a5a2", "sha1": "1b3f11911d2af0281ce36d7b81763630cc3d4f24", "md5": "f83377570bdf4b8064277f581ee499e4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/bbcode/editor_plugin.js", "md5": "31748a6cc57a13da54a0243c3301f3e6", "sha1": "5e811f2977bc6561287c7cfe0a6e398730edf519", "sha256": "c7970e866c3303231e18397217efcdfe184e06aad4ebd506d1703025e59e38d9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tinymce.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/tinymce.js", "md5": "7d6132bedad893fc3e4348405f7d4460", "sha1": "e53b9abd4131835c06c1c719f81bca500df3d9a4", "sha256": "4b60c707af516e2f89db133556df228103c048ddf0d2e0bf911c7811b8b8a39d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-position-constrain.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-position-constrain.js", "md5": "9d048655b5ab9eb2c0e79891373363e2", "sha1": "f4a63558a072432d8a4c9b9c473aafee9e48fb2b", "sha256": "4bf1a9c2e65bb78eea000e6af9b210dbee0d756e1e76e9d296814c8b4694dd18", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/contextmenu/editor_plugin_src.js", "md5": "0ae3f8f11f0ff1fbeda4eeff539e3d3a", "sha1": "3c58569bb12d8fb69b687b1c06681c2181673eef", "sha256": "1b6504d1fdf09e3b53ce14b2968a26dd896048c7197cf4682d41d8681221f3a3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ro-RO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ro-RO.js", "md5": "e532a87eed0e4d4de65cf4d076744df5", "sha1": "c25aa24176a65771e3177f9fe203c4e7651893fa", "sha256": "56decb8ee6f81823c9d686d4f0de9db4817079586b813ff6fcad8ddb00c29004", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yahoo.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yahoo/yahoo.js", "md5": "11eb78726f1b7cf857e0fdb098b98438", "sha1": "117431b4de69f8927468fe55d068c495ebe77e27", "sha256": "8aee7ea0234c239a216dec28eb900ea27d410feaa521a108eb33a3fc4de9fd1a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "twitter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/social/twitter/twitter.js", "md5": "dde94b3c90631b218bec524fb24bfb9b", "sha1": "e2443e2b76da7ecb7b7a8437532b52c1c291a47b", "sha256": "d550f65c022dff85000e189b5cf17a2a71ee61878ce55c5fa33df7be8f162290", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "arraylist-add.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/arraylist-add.js", "md5": "2fb48f38f793d7ac1f7a465ce0f44384", "sha1": "39141387f163d15c4e772ed6e04095920afc5804", "sha256": "a42dc729092b3baf9054cee377c6061b69f0c30ea8175f4e9e7aec1bed909f7d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "loader-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader-base-min.js", "md5": "523f297f74a43f03bfa1c2c8a3969c37", "sha1": "33b2f65d2839d20be7faa273efd5a7d5a9e3d106", "sha256": "01ebe6d46d51f28d68ac43817a8f0a31844acf7a01148e929ade0543c5836295", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-base-min.js", "sha256": "01ebe6d46d51f28d68ac43817a8f0a31844acf7a01148e929ade0543c5836295", "sha1": "33b2f65d2839d20be7faa273efd5a7d5a9e3d106", "md5": "523f297f74a43f03bfa1c2c8a3969c37" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/loader/loader-base.js", "sha256": "01ebe6d46d51f28d68ac43817a8f0a31844acf7a01148e929ade0543c5836295", "sha1": "33b2f65d2839d20be7faa273efd5a7d5a9e3d106", "md5": "523f297f74a43f03bfa1c2c8a3969c37" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ms-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ms-MY.js", "md5": "091528d929e1e3844a7a4a8b8019682c", "sha1": "2b8e82578ea88b57804a0f6741ea5324c12e7ba0", "sha256": "441433aa056c615fe8583d1a41e1b932e2c1c394a6115815f307c518323e62dc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-custom-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-custom/event-custom-base-min.js", "md5": "50c6e8959b98d7b41f8ee8e923702c42", "sha1": "6405c26bf74e322d5e75087830c41212218f71fc", "sha256": "d543fcac1858598d05c0da36f09b8132d52dccef0eebeed330aa7393d0309c88", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-custom/event-custom-base-min.js", "sha256": "d543fcac1858598d05c0da36f09b8132d52dccef0eebeed330aa7393d0309c88", "sha1": "6405c26bf74e322d5e75087830c41212218f71fc", "md5": "50c6e8959b98d7b41f8ee8e923702c42" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-custom/event-custom-base.js", "sha256": "d543fcac1858598d05c0da36f09b8132d52dccef0eebeed330aa7393d0309c88", "sha1": "6405c26bf74e322d5e75087830c41212218f71fc", "md5": "50c6e8959b98d7b41f8ee8e923702c42" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-filters-accentfold.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-filters-accentfold.js", "md5": "0b9117bca4b93e58c9f4b3d92546d551", "sha1": "f87b3b05476c005199ee5d42e2e43d9cea451490", "sha256": "a1bb3e52ad3cb5a0ccc748fb86acc8220d1d98205156b3cdac5289de224087f6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-NZ.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-NZ.js", "md5": "102d820ea1932d2c33c6e3d263911b6b", "sha1": "465b354549f2296d4d35c0a434faa8e6d2ac16d8", "sha256": "8e7424cb15fad20ea6736b1d96eb107da00d53f199b4ecdcfab0368e6305ef80", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "PasswordCredentialsValidation.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/OAuth2Clients/js/PasswordCredentialsValidation.js", "md5": "d20b36468c15522c07606ddfe6204c64", "sha1": "29dbeb565f36be00fd99030f01d2432c001fe21b", "sha256": "efe264edbfa5b4d47f1e38be65a575a398515cf4fd04426c5599de261540d616", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/autoresize/plugin.js", "md5": "38d575efbce78dccb2f8018d1a464cf5", "sha1": "9efdea6ebb0befa25e084216c2a8e36447908535", "sha256": "78f0f2eb3720fc28379711722dddc6602feb25f783ff4178a6244d9fa9d4e0b2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ClientCredentialsValidation.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/OAuth2Clients/js/ClientCredentialsValidation.js", "md5": "f8652093bb42e1082e8a1b69a6a73f74", "sha1": "3ec18c2b4d4d84d9665ef88d9e40348c653e18af", "sha256": "fc6bd381a89708aa6fcca0d987e1a6437d5858089ea9b62e8fd41cdb6d72ec62", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_el.js", "md5": "e0d191416f015d971906732a3aa32c47", "sha1": "83238b9c45426e11a249cf21f6dc6da53011d041", "sha256": "ba014e2e210858034c117d44ef559873e8c37a88d59786989a0f6b4c8583b5e5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/jquery.js", "md5": "219073097031d9c1a95a1291d66f3a10", "sha1": "2b7996b01d90b7f424f2a2e6063947461db4b2b2", "sha256": "232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "1.6.4" } ] }, "packages": [ { "id": "pkg:javascript/jquery@1.6.4", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.6.4" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-6708", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/102792", "name": "102792" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "info", "url": "http://bugs.jquery.com/ticket/11290", "name": "info" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20120206", "name": "https://snyk.io/vuln/npm:jquery:20120206" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", "name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" }, { "source": "MISC", "url": "https://bugs.jquery.com/ticket/11290", "name": "https://bugs.jquery.com/ticket/11290" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0" } } ] }, { "source": "NVD", "name": "CVE-2015-9251", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", "notes": "", "references": [ { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/issues/2432", "name": "https://github.com/jquery/jquery/issues/2432" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "info", "url": "https://github.com/jquery/jquery/issues/2432", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0481", "name": "RHSA-2020:0481" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588", "name": "https://github.com/jquery/jquery/pull/2588" }, { "source": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/105658", "name": "105658" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { "source": "info", "url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "name": "info" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20150627", "name": "https://snyk.io/vuln/npm:jquery:20150627" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.5", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0.1" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0.1", "versionEndIncluding": "4.3.0.4" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1", "versionEndIncluding": "17.12" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.0.4.0" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.0" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.3", "versionEndIncluding": "7.3.5" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2" } } ] }, { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-PH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-PH.js", "md5": "8a81ccc4036c33d401a5bf12a47237cd", "sha1": "c41efd3dcbe14ef25cb3a7edbd75e1831027c778", "sha256": "aad18365f37c51c9ed6449168e37173e4a035421b0c8075a9c39ee3defac1e75", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "edit-draft.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/DetailView/edit-draft.js", "md5": "efdb00da616a7261ed63754906ca4521", "sha1": "ad17f94e539e90fdeaf39387cb204c96f2234de1", "sha256": "85339f1e910d6de928591a450cb7ea90aa6b9fab7150c494a834af41ea33d24b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-event-simulate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-event-simulate.js", "md5": "9b557bef809496e454da02bda870b1a0", "sha1": "d3d1e61a7d64eecc6af9d3f32ccd40cb68a898ac", "sha256": "f747c82d2af0c4c727f776180023b6a87aa6a846b749da4cbfe1caab5fa337dd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-event-delegate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-event-delegate.js", "md5": "daf25338e25d9403ffc91d7585119dc8", "sha1": "1a91dd05f9b8e69b21fd338c5004995200679c94", "sha256": "32cebb6b67c3c680403a51847251e246bf52812305fbd742b6ddb7db1e9d4300", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/visualchars/editor_plugin.js", "md5": "e494d07c71e24040a407b20017ca63e3", "sha1": "846c1dcf0531bf68486bb8ee7b9b7c88dadc651a", "sha256": "6a244090371596c4d390ec78e39589a20e50f04bc7a56e10e52cacfdafda11b0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_it.js", "md5": "7a43625b726f433cd20d663749b8c59f", "sha1": "d42912d81f31f068f6fa854b9db506048c734ff3", "sha256": "e95d4e9f729e79661322e9f06418e96e7b23c3f69527166c16d7e05a41b41501", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.radar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.radar.js", "md5": "8de9ae5662223fbde36ae25384862fa5", "sha1": "0391cf46fe24c995f40036928d27f7b176e8fe66", "sha256": "c2dc588b6620f388f62aad2e3c0aaa42565138ef9a3cc7bb4a5b76926ca181db", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "swfdetect.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/swfdetect/swfdetect.js", "md5": "9bff612cf4409c4647783a48436ea316", "sha1": "a15222a1cba2716b23f864a78b9cafedecd96b37", "sha256": "1901141f8a9cbdbd616d9a7160a4bd9587cfcad617435ce4a974a6c522a06a0f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-IE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-IE.js", "md5": "65ec795141dc8445d6bbf0fae75ddf89", "sha1": "5ae23a53a3cf4a4d881322fee6b0b5d73cff63af", "sha256": "2fed0d8a58fcee6f373684b3c5fb282cf38215f90456c3b435553379fbdf0ccc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ca-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ca-ES.js", "md5": "54b6137d2bc7934f22df25ccbeef537e", "sha1": "038e7488593aba564c7b2d2fdc32d56468b3675d", "sha256": "61b517cc1361fbabdbc8f84632cfab658ef52f804e0e875934f03e4155e50f91", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "querystring-parse.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-parse.js", "md5": "b6020463c2cb2e16ffd6c6e12dec8f25", "sha1": "9c8f6241cb10751e4355f5a431bc10e86e72239e", "sha256": "d7fe1dbfed0640124d695857478af29764aa107eee719f8a3ead83238091ddd4", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-parse-min.js", "sha256": "d7fe1dbfed0640124d695857478af29764aa107eee719f8a3ead83238091ddd4", "sha1": "9c8f6241cb10751e4355f5a431bc10e86e72239e", "md5": "b6020463c2cb2e16ffd6c6e12dec8f25" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-parse-min.js", "sha256": "d7fe1dbfed0640124d695857478af29764aa107eee719f8a3ead83238091ddd4", "sha1": "9c8f6241cb10751e4355f5a431bc10e86e72239e", "md5": "b6020463c2cb2e16ffd6c6e12dec8f25" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-ddm-drop.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-ddm-drop.js", "md5": "e6814cd1145a4689b4d67e445a5ffced", "sha1": "9482d83507b7c26fbf48fba14efa4e50b332a234", "sha256": "2f83d501bb1c36696188088b5d5d0d1fee063c21a835fc71ea14a29992acbf5b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "transition.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition.js", "md5": "9b760c34ed1c786b98a68c5adf2964e5", "sha1": "879ea7bf2f1eecf9ffa8e3713be685fa23fdad88", "sha256": "5ca893bcd3ebe4d1d5c2d6ed025369ee1214c98e223ad296193e560065b8b8c7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition-min.js", "sha256": "5ca893bcd3ebe4d1d5c2d6ed025369ee1214c98e223ad296193e560065b8b8c7", "sha1": "879ea7bf2f1eecf9ffa8e3713be685fa23fdad88", "md5": "9b760c34ed1c786b98a68c5adf2964e5" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/transition/transition-min.js", "sha256": "5ca893bcd3ebe4d1d5c2d6ed025369ee1214c98e223ad296193e560065b8b8c7", "sha1": "879ea7bf2f1eecf9ffa8e3713be685fa23fdad88", "md5": "9b760c34ed1c786b98a68c5adf2964e5" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "text-accentfold.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-accentfold.js", "md5": "97247aa969dd37f885261b28bfcb4f59", "sha1": "66b34ddad25bf8224544f1f4ec84f70f02e3d8f6", "sha256": "00ccb8674a3d7ecccf59910d7165f3d3500eb820b28ff19a60f57e74bc2a86dc", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/text/text-accentfold-min.js", "sha256": "00ccb8674a3d7ecccf59910d7165f3d3500eb820b28ff19a60f57e74bc2a86dc", "sha1": "66b34ddad25bf8224544f1f4ec84f70f02e3d8f6", "md5": "97247aa969dd37f885261b28bfcb4f59" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-accentfold-min.js", "sha256": "00ccb8674a3d7ecccf59910d7165f3d3500eb820b28ff19a60f57e74bc2a86dc", "sha1": "66b34ddad25bf8224544f1f4ec84f70f02e3d8f6", "md5": "97247aa969dd37f885261b28bfcb4f59" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_pl.js", "md5": "632c9095dcd543e387dc14e7df62ef2d", "sha1": "bae3ce365b15735c62062d10281328480f67a228", "sha256": "2afe9b4f5f5468cfc76f8a162ce6b7c72951bd2d0921ba9547228a249654a5bb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cite.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/js/cite.js", "md5": "0a4c237a7bf3e54d8c08d1e912e199be", "sha1": "7cb208a16bd995927af9cd8af6826ef6f31b04fd", "sha256": "e5a9507fcea10cf3109e94e5f2a7dbb51228a55d31a9c32a256a71111da7948a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "attribute.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/attribute/attribute.js", "md5": "f1f3acb15e7621b7ed44e5290032618a", "sha1": "4f802f79db4eb6e3bcd79dbb9b29d0090c199254", "sha256": "99d6072073b27c1381e52dcaa2c309ded8fd6d9b9a5b077260c6880e842bf0b9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advlink/editor_plugin_src.js", "md5": "879025e024380947a404ae3523347c24", "sha1": "5b0110235b91cbec908b43de1eef0e202cd16659", "sha256": "83ec7f3615eb6805daaa776f292e30f89683e6d36c4329b9d7ccfec42089fdc8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Reminders.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Reminders/Reminders.js", "md5": "a06c0debed48cb105b64bf10b3e75f42", "sha1": "5a5a1ae53f787c32ea6fb4b1dec352ef0115ed0b", "sha256": "8122812286eaf98b537c5b1ecd5c4c2bf6f18e961668a29b5341ac51c81f7d7f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "importWizard.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/importWizard.js", "md5": "14a471f8264f098a09120a794db0f23b", "sha1": "e3779f754adbc5e843f94e6166c2ee7e75578f6f", "sha256": "856928595d283d88e24ab51fc3d7830108d24fb395b517eda8be7f47b0321994", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/textcolor/plugin.min.js", "md5": "a5ca0a92e1bdf1fbf3f9a07db5573092", "sha1": "19fb7fdd769fb4cc1cc1859db7c529f487835474", "sha256": "a445a5f2856e3e0fc9249c0604b376a4627b95df80b91211b92cf37bda5ee292", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/lists/editor_plugin_src.js", "md5": "04e1f245c19d6dc9454dae57faec9b6f", "sha1": "b9452a16cf81e2f057124b5d06e458e7e701e861", "sha256": "0a0133a76cec16b0618fb6863f073ae66237c6a9647adaeec435178f93580481", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_vi-VN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_vi-VN.js", "md5": "631b478e030c0085d9353f078726b264", "sha1": "85d1792bf6cf38c4b4f950a2bf0f1403a9f43aed", "sha256": "0d0dc25873d0f8238fc2048fdf38a7d7601c11b31a7fd1d4586a0a583317b6bf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "html5shiv.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/html5shiv.min.js", "md5": "14bf80ba215a8dacef1eee856fd0f1ea", "sha1": "23e2834b28b0dc18d521f294b59e57d89118e715", "sha256": "e226eaa00bbb8a0c6bf209eac699533234dfbf1ab04c4bacbb1b89c059d2b413", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/example_dependency/editor_plugin.js", "md5": "405d190ae03384a9acb00533568b2cfd", "sha1": "8c979eae2796ed0d2c5659becd920eb5962e6c46", "sha256": "190a41d49f0d99f1c59dc7ac6f72b18f1e016d722da0b9b5fc93b67bca48e5ae", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SubPanelTiles.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SubPanel/SubPanelTiles.js", "md5": "56db912840e571aff66e6a7032c6e682", "sha1": "e31382fa2edd6e0b2c924587022a894a3d2eb3fb", "sha256": "d25a9182e2e2971f7593cab5629f232dc814bb9553e8635672b4656b1c3258e0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format.js", "md5": "b7d9de56dce94834c7d1b660245762f3", "sha1": "c68976075c932f21336db5f14d3646c786e8f775", "sha256": "0e18ccf885d64c74ddcc0fc3ff9f46f6791424e522caa98f2d18ece9d4fac6ed", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-IN.js", "md5": "4b8cdd5c59f90e46eab59188461b83a7", "sha1": "e63a0fda3df6c59888fc6d7f3da12d97468da90c", "sha256": "5133575e7e3b0d650e9152bf20464ac43ee0ad2748c4899546cc484e0c5e1ec5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Account.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Accounts/Account.js", "md5": "6d64bb3ea8c66d71c154ba70cca2e118", "sha1": "a1c46e9fe9c1738cb4fb044c8e90ec1742e0555f", "sha256": "bacb6f0caa45895e0e287d0dfdb593e87bad10b82ba2c321a370723d8c11af86", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "anim-xy.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-xy.js", "md5": "2a4dcea5f37ddf237d70de1b45e3aa99", "sha1": "8c6adc04b754f74dc7f3b2582b32dbf4c8921850", "sha256": "4702d781cb45eb814fcbeaccbef0a7e86e979c652004a72948a9d6be1d9975a0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-simulate-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-simulate/event-simulate-min.js", "md5": "94ca01b7dc8c725e24cb9af0515d1c27", "sha1": "dc8d49b80192c7f60be8679eadc01151017298b5", "sha256": "64aabf0dd2d108b392341d4c2eb021b287d865af56fe43c61a40a9844368c51b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-simulate/event-simulate-min.js", "sha256": "64aabf0dd2d108b392341d4c2eb021b287d865af56fe43c61a40a9844368c51b", "sha1": "dc8d49b80192c7f60be8679eadc01151017298b5", "md5": "94ca01b7dc8c725e24cb9af0515d1c27" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event-simulate/event-simulate.js", "sha256": "64aabf0dd2d108b392341d4c2eb021b287d865af56fe43c61a40a9844368c51b", "sha1": "dc8d49b80192c7f60be8679eadc01151017298b5", "md5": "94ca01b7dc8c725e24cb9af0515d1c27" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/searchreplace/editor_plugin_src.js", "md5": "878114df719bb15ab36e7a9e9d460410", "sha1": "75ba60d40ff8b40c1edd25ba1bbd2270d432073d", "sha256": "ece0245b91505727edda86ca0b211c8e3a2b3eec97da127456e5515016c02977", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "eye.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/colorpicker/js/eye.js", "md5": "50009a4cf7548a9028c506b6ba67eb92", "sha1": "f23790e3b34a069866d4a38fa3b35bdd2308f231", "sha256": "dee5c772d6b70aebd1780551dffdd26c28b5053aa6dbeaef3e72bc6fac5d763f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/imagetools/plugin.min.js", "md5": "d7fe561999451dfedb59619c521e3def", "sha1": "81e3550e9a024fc8de68ec53328f447ccab44903", "sha256": "daa64be16c9b9129a5f67eb1f044821347e1895bc18f36619020bef5eeadb349", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-ddm-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-ddm-base.js", "md5": "19b772e92320059bb32c133d4d1bfc3d", "sha1": "1952f6c11738f6dd777a49ae460754562be7ca3f", "sha256": "8d80262d15e4085e6fac36eea4e1501c4fcc98284fa31417cecb1c343004b7b3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advhr/langs/en_dlg.js", "md5": "af62ab3f1b7a27190f8e001c8aefdfa6", "sha1": "62eb2d57364539a1be20f7d18e8ada09ba92aed5", "sha256": "344a2125aced46844bb7493e35fd701bd91ae24b38f3687566c0ab2ab05c33a5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-event-html5-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-event-html5-min.js", "md5": "a0b70eb00f0014fa7655563142da1f52", "sha1": "0340408b8a8495a6fe7f146429052b4c08b69ebf", "sha256": "b458a60bdbec8f69a84d9bf73b48e6dd3e408d43f9a53f30e0fe32a359d40b1d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-event-html5-min.js", "sha256": "b458a60bdbec8f69a84d9bf73b48e6dd3e408d43f9a53f30e0fe32a359d40b1d", "sha1": "0340408b8a8495a6fe7f146429052b4c08b69ebf", "md5": "a0b70eb00f0014fa7655563142da1f52" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/node/node-event-html5.js", "sha256": "b458a60bdbec8f69a84d9bf73b48e6dd3e408d43f9a53f30e0fe32a359d40b1d", "sha1": "0340408b8a8495a6fe7f146429052b4c08b69ebf", "md5": "a0b70eb00f0014fa7655563142da1f52" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "AddRemoveDashboardPages.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/MySugar/javascript/AddRemoveDashboardPages.js", "md5": "6baf925bfcaa6c4ac01326af22c8e7c6", "sha1": "e6946cd7b940d8e6715ee863867ef61de1dd641d", "sha256": "05e0d33e689ba96d247cf134cd88176d51caa577de1a66b92ddb0f9ac0e36fd5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "AddRemoveDashboardPages.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/themes/SuiteP/include/MySugar/javascript/AddRemoveDashboardPages.js", "md5": "9f946d6b155ef04c119d07e89c874f6b", "sha1": "a94f537af4571c6f1a6c0a19ace7f6bfd37aeb20", "sha256": "69422a31912c35cf12e430d5804672f00587e6103bdda288ed6b0198a0ecdf04", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jstree.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/dist/jstree.js", "md5": "0f2493c4f2ceec934f31f7f7bb9d2f0e", "sha1": "19f4b8f231630b8d59ea842e98f9e0b010a2d0ae", "sha256": "4b3e19d8c102746521eb1e1b3633ee9272702797492d2dfa2dbb0207fc622f0e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jstree.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.js", "md5": "398b0acbd5621286c8077240cc323d41", "sha1": "c20462f012a36e0f8de2ceea7f660edd90c8803a", "sha256": "ee9f5e41d48294096aa8d6fa4b2f342e7e7532abc398715dac632941fdc8d28b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.hprogress.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.hprogress.js", "md5": "29eae3ac05893829da25681fd52b1417", "sha1": "df612c97d084ee5b583d37895b3a904e20450a35", "sha256": "48ed780732de6bc19bd2d2c49ab95e29d9c00580fcadcc5b79612a81f3a51583", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "anim-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-base.js", "md5": "a6319cdb21d974f12ef244452cec18f0", "sha1": "3271c424bb4572f25aef6da38cf5a48cfa220d96", "sha256": "76cf873ba83a2619973d295deb1de70d37b3980402f0a3de321d8965d042f1ea", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.dialogTitle.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.dialogTitle.js", "md5": "b9435df9245d1b125e696f549b0e26ad", "sha1": "184dfa4b8d6a9e19ca8fecaf908c5a9eb440e2c5", "sha256": "e42310ef5b007098e83e34e98e9fbf783d8ffdf523009dd6b4be1bf4c0e19070", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_pl.js", "md5": "32e63e904750213583db019a9fc68d50", "sha1": "81139675bbaaa103ec68523dfdc68862ad1bcf8f", "sha256": "694b3a19c35ad72797c209d0c535e29bfbf8455596e74f5e87262434d8743209", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Datetimecombo.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/Datetimecombo/Datetimecombo.js", "md5": "f4c60a98cd7415c81a0e76ae2c0c0857", "sha1": "dfb973f13ded20ed6e5f816171341a3b536744dd", "sha256": "2cdcbf6a9f06bf02355eea8c94370b6a278276126eebe85f2ac9ea64b7e354d7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "substitute.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/substitute/substitute.js", "md5": "97c010ea257ab138e0a85f524cc0bf59", "sha1": "e859ccc79cb2b3b7262681a20bb8d16ddbc94f76", "sha256": "0427c3efe657d2bf3405fb6fdac4dd07a09055d466557c3fd005fbb6442c2c4e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-cache-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-cache-min.js", "md5": "54fcf09d6da1e8c075f5aebd6c2022c8", "sha1": "61458f2cd226c49933b2226f2b96897295bef039", "sha256": "836b05ca1c9a4b75aead45a35eed8770a1c8eaa43202fb4f03e82c98d2c4f778", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-cache-min.js", "sha256": "836b05ca1c9a4b75aead45a35eed8770a1c8eaa43202fb4f03e82c98d2c4f778", "sha1": "61458f2cd226c49933b2226f2b96897295bef039", "md5": "54fcf09d6da1e8c075f5aebd6c2022c8" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-cache.js", "sha256": "836b05ca1c9a4b75aead45a35eed8770a1c8eaa43202fb4f03e82c98d2c4f778", "sha1": "61458f2cd226c49933b2226f2b96897295bef039", "md5": "54fcf09d6da1e8c075f5aebd6c2022c8" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor-bidi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-bidi.js", "md5": "e631aed7efb9b78d4a5a5119d2969f33", "sha1": "13f824c4bd434b5fcfbd3ec4a671e527f560347d", "sha256": "e801878fd6f099e623747bd980990b90f52e8a50d19825ea6705301c707b9c64", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-bidi-min.js", "sha256": "e801878fd6f099e623747bd980990b90f52e8a50d19825ea6705301c707b9c64", "sha1": "13f824c4bd434b5fcfbd3ec4a671e527f560347d", "md5": "e631aed7efb9b78d4a5a5119d2969f33" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-bidi-min.js", "sha256": "e801878fd6f099e623747bd980990b90f52e8a50d19825ea6705301c707b9c64", "sha1": "13f824c4bd434b5fcfbd3ec4a671e527f560347d", "md5": "e631aed7efb9b78d4a5a5119d2969f33" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "template.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/template/js/template.js", "md5": "59345ca93da3763e7063ff40eeaa6bf3", "sha1": "f88019ded973662ee8ccffc2cdade4b7a7b0ff3e", "sha256": "2fe07112f1714b3bcdcf2e38169b0b86fe7d3520530aaf6150920b819b865cda", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_de-AT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_de-AT.js", "md5": "0ba07059cda8a0ae66e994f1050c4974", "sha1": "8879ded26920f0fa7bcf63c44119a9742123f399", "sha256": "f0aac9306559d77d75ed2b6357628ec806ddecef275855687a4eb082ceaa7184", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-BO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-BO.js", "md5": "ca1f0e66ed55e17611d525584a993d0c", "sha1": "2dbb721463dec7be8d266eb2230e7f730520f367", "sha256": "254c731724ce84be51e93a92bf5f06ebb3de1c0e7e7a3a250d283e320e1b32cd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "duration_dependency.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Meetings/duration_dependency.js", "md5": "d0c26b21c5b004c81e670ca8e17c7f8d", "sha1": "bcecb3d7783661ec15a4b60165581ed25d49c5be", "sha256": "c015e138bc5df281dc0abb6ed2ee68718fe7db993669ce804e196cdbf329fcdd", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/FP_events/duration_dependency.js", "sha256": "c015e138bc5df281dc0abb6ed2ee68718fe7db993669ce804e196cdbf329fcdd", "sha1": "bcecb3d7783661ec15a4b60165581ed25d49c5be", "md5": "d0c26b21c5b004c81e670ca8e17c7f8d" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-BO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-BO.js", "md5": "16a87086a49dc9c541abad3f035bef9f", "sha1": "c68796d85c47fbaf0669851eb4583f0c3cfc3364", "sha256": "f130cce552ce956ca22c18c69f115ed2f3ac6bd41c668fa25714a21db3cdd305", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-stdmod.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-stdmod.js", "md5": "e20960c6b2b37b7833e5b19a9aa5e965", "sha1": "fa2b6ad3b4b68f2c2e51bcf6fa8813a23f0e7454", "sha256": "df99853c59b2f79ff63a87e5fc7f96c25361e73093baa612949f1e00fa4901b7", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-stdmod-min.js", "sha256": "df99853c59b2f79ff63a87e5fc7f96c25361e73093baa612949f1e00fa4901b7", "sha1": "fa2b6ad3b4b68f2c2e51bcf6fa8813a23f0e7454", "md5": "e20960c6b2b37b7833e5b19a9aa5e965" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-stdmod-min.js", "sha256": "df99853c59b2f79ff63a87e5fc7f96c25361e73093baa612949f1e00fa4901b7", "sha1": "fa2b6ad3b4b68f2c2e51bcf6fa8813a23f0e7454", "md5": "e20960c6b2b37b7833e5b19a9aa5e965" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-IN.js", "md5": "a9e6e4ae2268a4e30d032855d5158371", "sha1": "16037f528c3c83df14698b42694261ecc0e54419", "sha256": "a774d4a5861e8d7282aa9e5cdf0ac310b02ab5e0cb991c21ac7805707df2281b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-number-format-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-number-format-min.js", "md5": "3897f6dd46e162b7793494481ff5e4c0", "sha1": "3a06e8df5b729bbbacb162cff653dce52d093cf1", "sha256": "ea069a6ee263727257057d647da4d419629c4a0050afd916669e5c977f573065", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-number-format-min.js", "sha256": "ea069a6ee263727257057d647da4d419629c4a0050afd916669e5c977f573065", "sha1": "3a06e8df5b729bbbacb162cff653dce52d093cf1", "md5": "3897f6dd46e162b7793494481ff5e4c0" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-number-format.js", "sha256": "ea069a6ee263727257057d647da4d419629c4a0050afd916669e5c977f573065", "sha1": "3a06e8df5b729bbbacb162cff653dce52d093cf1", "md5": "3897f6dd46e162b7793494481ff5e4c0" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sugar_connection_event_listener.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/sugar_connection_event_listener.js", "md5": "9dce712876e8f5313198734d55d18c67", "sha1": "3a0d0734d068f71c4f4ee2e21652535f979c6304", "sha256": "ffeba580dc0ed946df81bb8e2257d1ace7ca37a67d2d34f01c2bc0cdb6f07b33", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.hoverIntent.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.hoverIntent.js", "md5": "b5fecb7687d51f2f352afd8d1485faf8", "sha1": "744a8a04351097fb51b5fea367f8ff3c4b93458a", "sha256": "634d17c4556b7410d80fa9ac780fd144508fd3aec5ac0f5168370426faa8e162", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "bg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/bg.js", "md5": "c5f21fb7832b58bf84cfaadcbc344e60", "sha1": "8789740e05fa428606d528f6202a8648157c73f8", "sha256": "fe22180ef9e11556bd646acf1cb54eff059748be35a7c4a1c26296f77efa591f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarFieldCollection.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/Collection/SugarFieldCollection.js", "md5": "ba19a4db62b26c5515f82962f959901f", "sha1": "67a4aaf1c98da2fc35d3f559da4f7e58310fd81e", "sha256": "259ed2626ebea3c8334d1de9533a31462a382031188e47b556de3b43d828680f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-BO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-BO.js", "md5": "01455252098f884e325badc452dbe4f4", "sha1": "b7c1d86a57ed76ce6079f9ff99a339d42db174cc", "sha256": "0571b3e2e0feecbc883b0e6c99210bf467866b6ef1786a0e891647268bfd1ea8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/searchreplace/plugin.min.js", "md5": "1e1c919f51a98f94dbb31a93f27bd17d", "sha1": "672403e275a79577cbba5d4c0fe2ce04852d0496", "sha256": "2a7523ee0073c6c20a0deb493ea3e2c2107d867a691c2e6830b7749447c004c8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "menu.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/menu.js", "md5": "8e8add77d513333cc56ff829c23befbe", "sha1": "a5b3f39b4b030cd36f104b2b0b18a74ec905f72d", "sha256": "252b3fa3f10526bd7cb99a850d82f18af03675c927ee7145015c203ea01d442f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_th-TH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_th-TH.js", "md5": "a0014307cc63ab3a61d990b438e54440", "sha1": "6f8544602331b44a7ced610d3423275e847e45a9", "sha256": "ebd4bd8b8d65cb7d09dca7c999e41769d10b98b984f4fb6ad7ee6d6406c0c026", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "text-data-accentfold.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-data-accentfold.js", "md5": "cfd9a36cd686d07b65c8c8483b2ebf57", "sha1": "4dbf5e59e98b6cad436899e155c11930f11b7873", "sha256": "a21c75c0e467bc1800518ac18cbf2d85ea1af196798a86023c10c4da92eaf7a9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "base-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base-base.js", "md5": "a80675429dd63e2c896942d001a3dd33", "sha1": "3253bcf609a3b2b4a8ce2a05546398e2aa961343", "sha256": "c9edece5d3feb528f511655ab257a43b6dd8d6f3f1a88e799066063c3de7501d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base-base-min.js", "sha256": "c9edece5d3feb528f511655ab257a43b6dd8d6f3f1a88e799066063c3de7501d", "sha1": "3253bcf609a3b2b4a8ce2a05546398e2aa961343", "md5": "a80675429dd63e2c896942d001a3dd33" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/base/base-base-min.js", "sha256": "c9edece5d3feb528f511655ab257a43b6dd8d6f3f1a88e799066063c3de7501d", "sha1": "3253bcf609a3b2b4a8ce2a05546398e2aa961343", "md5": "a80675429dd63e2c896942d001a3dd33" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "EmailUICompose.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/EmailUICompose.js", "md5": "47c90104973369fa9b454e614662a1a9", "sha1": "c1ff63407a3e80175aa82c4a935b5743a7a3fab5", "sha256": "af65d9a92ba8c258c61a3facaf2b0de9975fc1571c321ddf36993077ef7aec83", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_zh-Hant-TW.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_zh-Hant-TW.js", "md5": "178769ab0f5542465898f7d6cfd53d29", "sha1": "b8914c6af60d2a2738a8225bd52c590b2374a518", "sha256": "505d94f0f2a1a6221748e2e84209a6d984726461f6f5e45ec2cc76c5aa17a5a4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-mousewheel-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-mousewheel-min.js", "md5": "f5163665dadbe39df35bab57d1f5b70a", "sha1": "4a0bf6f67281399fd767147aeee7fba312625e3d", "sha256": "97d97fc98a8af7ff530b7d94a2fd62f8e2e4b3fbc95ca8eb706686b146b046df", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-mousewheel.js", "sha256": "97d97fc98a8af7ff530b7d94a2fd62f8e2e4b3fbc95ca8eb706686b146b046df", "sha1": "4a0bf6f67281399fd767147aeee7fba312625e3d", "md5": "f5163665dadbe39df35bab57d1f5b70a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/event/event-mousewheel-min.js", "sha256": "97d97fc98a8af7ff530b7d94a2fd62f8e2e4b3fbc95ca8eb706686b146b046df", "sha1": "4a0bf6f67281399fd767147aeee7fba312625e3d", "md5": "f5163665dadbe39df35bab57d1f5b70a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "composeEmailTemplate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/composeEmailTemplate.js", "md5": "6f7ec8136c8743b43c3aa262f11b13c0", "sha1": "d8092a2ab7fde840f25b53c5a69dd7b0dd118e7c", "sha256": "b012679e668df7c781447a0d79cd993b02ffe7fb62d04fcee0aa1a855d2a5c8b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_it-IT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_it-IT.js", "md5": "d3e7f61c49df554351edd369d27b0019", "sha1": "1c9c6b0e4d5f44af5f080808ec2e9a9b9946d969", "sha256": "ad9258998e2282b84db1b172e2307bff83627b8510f4b9aaa8a4274b2c008ec2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.gantt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.gantt.js", "md5": "edbcc84c19896e2563d4c814ef09a11a", "sha1": "4a1c808e39d0cfe4c70c7e22133a0f82d3434297", "sha256": "9fa5a2b9cd259d3a153343de8d492d819feed22abde2435f003e61b221941b59", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/style/editor_plugin.js", "md5": "f9bcd692d63dfef1fe5c586d27ecd91b", "sha1": "513fec87c31d84e11136fcec36ca49f62982ef6c", "sha256": "c4c7d7dcb7d74c6055458c28c9e608231b6261975ce638eb981c054ec388e9e4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-stdmod.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-stdmod.js", "md5": "3940092d8875ef7d66e1e8f2d46a083e", "sha1": "c24fdea0955a821a9556c434f8393fef23772ac6", "sha256": "b466320f60e68755548f8f8b2e18db9d11f0571e3d3d596b3fcad05f772530a9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_pt-BR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_pt-BR.js", "md5": "7115cb742f7d96540cc00f665bd1c6ff", "sha1": "b8c21128750f5b1e40a32ec6b29f960b7ce37a66", "sha256": "31596b5a63f0176d1d4bd718b4e04acfb4f4278808012abe02f5af2fa3785caa", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_vi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_vi.js", "md5": "d185e6a31ffae20da86c276b15e3785f", "sha1": "cf40b83c06e8281146e6395d4945dc3970ebe92e", "sha256": "204706d0394e2a1837be3cb6a5dd2911e16fa2835024a42f4d2d96db36712d91", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_da-DK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_da-DK.js", "md5": "114229a2a5a702c813d529d9c0d6a6ea", "sha1": "0717d74f7b43b78c090316f9a6cf58a46a441786", "sha256": "834716b567616b9d53ff102cf40e105c82e6fba3ceca586e3dec409dfa6d4380", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.meter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.meter.js", "md5": "b0cc2b90e2928235bb7392b829200990", "sha1": "ece4c0f2848c881e158093c496b17f9e6cb334b7", "sha256": "1d866aee818e9c0a0e7788cd6435c3be95740481782341d6857f9dab9129611d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yuiloader-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yuiloader/yuiloader-min.js", "md5": "7b667a784a7897b8e38e9c738e6a1b85", "sha1": "551a1668135be556a79beb5f69b398c81c5d5a91", "sha256": "602a5f31106a46da32e34a25b522dcdac8774fefc56478c876b364a95e3b7c35", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-PY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-PY.js", "md5": "5042d551abd33ca4f84ccb45f301d539", "sha1": "6e5c0e4964278b31b3216a95e1f9e3421e325044", "sha256": "4f4f30eff6b8f4248c1237a206a43d297a9f26289b19bfb9d4109e4afc437bf8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Schedulers.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Schedulers/Schedulers.js", "md5": "9450466198ec79f9d11b6f2b11c44624", "sha1": "e532fa890daf5cf71bd33c2d3a052e9b1f3bca59", "sha256": "049075702ddf6d94d7188d9ab6d91a210698bff7d7c2ca3771e84f894561e7d8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "treeutil.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/treeutil.js", "md5": "ce318a011d8ea187f5ea4c4a3d21093c", "sha1": "7e3654477faafa49e69070572946e62aafd9b304", "sha256": "271d84b753885b660388031434aa2984906f8292c35e2f6c91982e8fec4b5d9c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tinymce.jquery.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/tinymce.jquery.min.js", "md5": "4159c3f4bba9287f62ec5294b23e88cd", "sha1": "66ceeab40f7aac0e3077535c306d573f66e23373", "sha256": "4db1801f3be862f7cb19abb5e2162b6cbb82b764aa955140029564758b5f93ab", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "console_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/console/lang/console_en.js", "md5": "515f4079f4cb02fdfafc9d516dd5a0ea", "sha1": "9913bbf0e11698da84f97e5dc64ca6e866308af7", "sha256": "dd715076be04da4de1863f61444671741abd057a362880febaaf1713da089899", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-date.js", "md5": "a55690788ff9071c691ea8e26a9d1dbd", "sha1": "49b03aad731b071204c5b97a6039361b9c305a5d", "sha256": "5eee70c6b45f8169e7f55fe16591c4f5ab0b60b05be80eccd661364ec81e511e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ms.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ms.js", "md5": "854a85e784ae131e01a4378a6fe25540", "sha1": "a5d50f2999d77dda45b57afb17c6e69cd523a12f", "sha256": "2b0d7524957a95e536d363f9d9a98c8224aba5974f97c632315868bb6b3d09aa", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype.js", "md5": "b7be9675c189562090beff961ead0b04", "sha1": "b644359d704b7b3c98eef2b4022b7bc50eb88a55", "sha256": "520788700e6c0b1cc59e33288fa1a9079b4548d8d91f17584c009e5fdc05f3f1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-SG.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-SG.js", "md5": "25310831aef7215fcbeb21831fedcd14", "sha1": "541e7f2c437a4209b349a725fcbbc007d296c3da", "sha256": "bab5ea68c65933a6c64c69d3bd3e82ea2c28ff2f0b7920423b955d20d047eeef", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/editor_plugin.js", "md5": "0f875f6606166466881452511c619f34", "sha1": "d11c5d8908d9ab6c2beeeba1899dc4a55ecd5b5d", "sha256": "b33c774e82824e13509d3e94cb2586e879aca88af91d894b8eabc8c23ea5ff8b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_de-DE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_de-DE.js", "md5": "77c9c3167a4751741738fbdeee3d67b7", "sha1": "9b65b561bc6f7765415f2f3e5ba545c978d98de2", "sha256": "ddb084917cb21807666d9d3ff02e6d5ea384a449681982a38d100d4867c0ea28", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "register.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/install/register.js", "md5": "2339288cd93d44ad20727fc308296a1c", "sha1": "b6a432e08e0ffffe97b3907bbfd5b9d58a056980", "sha256": "3c28bda1a6759cf25209155bacc765cc9a71d15d16f5d631a2a2697a2c8fe19b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.common.annotate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.annotate.js", "md5": "e8be9ab495171888ff5c37c23d2832a7", "sha1": "1d11444b3687d581529862ef47251ca3043157bf", "sha256": "0222dbdbe730ac6982eb6b436b17143d1ecd1de4724800e2bb527024baba016c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-position-align.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position-align.js", "md5": "21057e6280358b723eddbf79ddf2eddb", "sha1": "11d0eb5f000e2890d5a90a18330a8b41bda40d65", "sha256": "7e32237b2d184e90168cc3b3d3131d5ce7de78ba71c81f097922e5f618b51574", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-position-align-min.js", "sha256": "7e32237b2d184e90168cc3b3d3131d5ce7de78ba71c81f097922e5f618b51574", "sha1": "11d0eb5f000e2890d5a90a18330a8b41bda40d65", "md5": "21057e6280358b723eddbf79ddf2eddb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position-align-min.js", "sha256": "7e32237b2d184e90168cc3b3d3131d5ce7de78ba71c81f097922e5f618b51574", "sha1": "11d0eb5f000e2890d5a90a18330a8b41bda40d65", "md5": "21057e6280358b723eddbf79ddf2eddb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "html_entity_decode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/phpjs/html_entity_decode.js", "md5": "022ed687a9c7c55a21b4a2aaa848921d", "sha1": "815b7201edef2813a19b1b6980cb967ff1f19130", "sha256": "f2c54a704bb9ac0348a0d111fb96fdce6e4bf31b4597fb0c7778b8eeb53da9d5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ar-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ar-JO.js", "md5": "74d07ac67a19476d134f883410369e34", "sha1": "a2798e4812ed0a761af9eb38cdb2f2588e6d9217", "sha256": "3c44f727ecfe2ed18e2e9a779bfd76b38c93f562a13ce74123aa70d157a21372", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "props.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/style/js/props.js", "md5": "4da426952fc1a2ae1e1c4b30089e0db8", "sha1": "8fb13bd6f213301a8535c974103a9c3120b2e783", "sha256": "4ae0f21024f9dc65fed7ccf8eb64ec0ea218f9567b42ea740c10e8ee88889b6e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_el-GR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_el-GR.js", "md5": "31305a365f9e0bbafa40934e6389aa22", "sha1": "f2cf066459b64234f28726a9644bfcd6655a0793", "sha256": "e39acdc2e6e9bb6194ab606b8e7cdd2be2faeb71c0bb150d4cc51c636db8887e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_de.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_de.js", "md5": "02998d30e1b56da2066402b7bac8f92a", "sha1": "f052a323bfd3a37676cdf4250384b31eead01e5b", "sha256": "8b0f86065d36f07911d1093e4f7d79b71b7cabef5617a3fda5c99cf121368131", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ar.js", "md5": "2b9bbe8dcc89302d72c88903869bdeae", "sha1": "3842e95db42f58abc850aedf940f5583eab4c804", "sha256": "6fd175c06c9bcd1335019f8e83ac7278a435517a076ded3f69628fdcce717ddc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "main_lib_chart.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/js/main_lib_chart.js", "md5": "91d61dc6376fef2c4b1c695b9d192a13", "sha1": "75a1dc705c517d0cae3ec093d2b12723ef114249", "sha256": "e5888963b94b1e8f43c44f970c7691234fdedd75c21c2eff3eab5b1d3ec1d915", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_fi.js", "md5": "9059502ffa2d326c31e3a94dba9a0de5", "sha1": "0084ab7da828322fe3238e29636f1220d5539894", "sha256": "7a1015ef01ebf0572afff3194c1738da8ee479f9472f68c2607c798e9154734f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_id.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_id.js", "md5": "385f72a22e05c0a6a4d6a2ae82ca8aad", "sha1": "460c32aecb5dfdb30b1dc484b7fbd1b6d75b0d4d", "sha256": "bb9b863393682784a5e8bf63785e7526436cf362cb7062df7ba78078b58b5132", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarDependentDropdown.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarDependentDropdown/javascript/SugarDependentDropdown.js", "md5": "464b4e04a82d24c54ef9408b755fd252", "sha1": "4e86d797827843b134ab3eb5755b04e5aceacd7e", "sha256": "70160f5d47c5f1cb3a13fa2f2e8b74dadcba7eb482b4378bdca2e800d1b5b068", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ms.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ms.js", "md5": "b104b0397df99ccc5a70addfcbcf297b", "sha1": "3bb41fb76d081b3d0f1e6768e450cedbb44be52d", "sha256": "30d9cd996e91f2992cabbed5aa8bc330a40edb1a9d390b3cc2ec5f582a6675e5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Async.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Administration/javascript/Async.js", "md5": "ff0b1778f9d19e100cd1624d17761c38", "sha1": "99ed2080b58e0e45f27b47d355f8e582b415bf84", "sha256": "6d56e1382e1f9eb48e4296724ce94e05ec221d8530e7e4ca603b6032e80aaec8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_id.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_id.js", "md5": "5bd29073158b80608de3c1aa4171d72a", "sha1": "54b9973ac913c14736ec1e55d44e88d5e543c643", "sha256": "3651fb112e3312152d0e0d6a4fae85a47a00d745084280d18004c65b26e07437", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ProjectTask.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ProjectTask/ProjectTask.js", "md5": "535ac33c6ccc9d19e13ac535ad092c0f", "sha1": "c8bcb3869a12c7f80c6b680ea73a3aa06d043bbf", "sha256": "b8df203c1056064e07d7cf488d9d4b4f8b1938cdea555313564271516d29f631", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "imagecropper.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/imagecropper/imagecropper.js", "md5": "f07862ef97f7497f8c45d502d030b2af", "sha1": "ed3546dab5546e2600973a75dc9e02893983b234", "sha256": "bfe025ca13fbc95eb3c366a48fbb4883625faa1eb08cebed25e75292b36ade20", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "animation-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/animation/animation-min.js", "md5": "aa8aedcf06eeea23d975b99cec53ad18", "sha1": "e7927023d8c75ef823858bca39c9eb89cd50292f", "sha256": "41754d9495f6f5cd67caa5a1b6c260a20f1072cedd8a32437c96883cd38ab321", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "attribute-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/attribute/attribute-base.js", "md5": "a7d42b722c23b62e40d6f85ee8eea947", "sha1": "482e52ab08447f851a0ed499b0b5056523d63229", "sha256": "5c55d8fc8f17b1448be7783a9cc41287f716f81f24abd89ea12675dfdfa1b9c1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema-text.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-text.js", "md5": "ed8edc4a289b03a1b85a20e75e3ae95f", "sha1": "8e358888620d94ca3f595bb4af085fd610b87c99", "sha256": "9565fa838b92a04fcb4646b5b4b4e5f32ea960ef2b02e34a96c699a642590b20", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "EmailTemplate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/EmailTemplates/EmailTemplate.js", "md5": "e6e99e3837f5490adbf5cac798344553", "sha1": "0746a9a4e2992bf2e7793b53ef88299781daa113", "sha256": "4f6648c9206240241e88f96c6b219b0caf64ced1db1ef76b618a377fa75d5966", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_scheduler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/AM_ProjectTemplates/jsclass_scheduler.js", "md5": "28625c86e892617b538ad4d47e998acc", "sha1": "10dc2775a634f606b2b3d57309b850fe3691bd56", "sha256": "3a575107588182893c9e29e00a1324666ad600c45f9e8cc4d603393d138a1d91", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.iframe-auto-height.plugin.1.9.3.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/jquery.iframe-auto-height.plugin.1.9.3.min.js", "md5": "2b37e15942fea54fdb2914f539e3669b", "sha1": "b371a30410b7c7db6bbb9e3e502ac490acbdf2c3", "sha256": "e675592ee7282464ecd1dd1894df01c733f246fedd9d3a63941e16e79d7d07d2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarYUIWidgets.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/sugarwidgets/SugarYUIWidgets.js", "md5": "71488466e224c47fce263974329f1544", "sha1": "72a396e006431e555b2730b10a418c621304bd89", "sha256": "91e36bc58adb1e5bd9d966b873ccf8316cc634936b1cfb87bd1adac176d61a84", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dataschema-json.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-json.js", "md5": "873ec13ee54becbcce1bfee6a70dae21", "sha1": "f81b2bd735365335049e025969b8755aeff1a1ec", "sha256": "215bc92ff8f5659b4fac9f8265877bb04b0e3585143d47f154be368c0957c574", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "vars.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/vars.js", "md5": "c85754028c6207fb4fb31d74fe5e81af", "sha1": "212f2e1e56b96c2bcd04fddb0e3c13ad6b9697f7", "sha256": "a96d56c6399a48bc033074a4a71d8589cb9d1f70ba1a26e5d93204b93f648d77", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ImportEmailAction.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/ImportEmailAction.js", "md5": "a658f8cb5a4bb0d17a635c7631fad088", "sha1": "9218f46e9b55f8fa2cf4190048523a46e6ba6cc0", "sha256": "9accda3d6d56b62e59b0a70424e993594ca137437a9e304b01ac9182c28a6a02", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en-gb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/en-gb.js", "md5": "c745f9a8f8875c4ce78d7b50b21390aa", "sha1": "e3c1a85aeeb2e890752bce937a2b6912168a67e7", "sha256": "9c4190504c1450a8d94f2fff0fc15457a3bce829faa5069ffac2ed82d80bdccf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "style.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/themes/SuiteP/js/style.js", "md5": "095c8a6b0acdd1f9b3828edcc56b5898", "sha1": "7ca23604845b8b54beabd6ff527845bd077369e7", "sha256": "171d431cf98bdd01bc96943276f8068967190dfee8274b9a216db8ed4ed986c5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Chart.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Reports/js/Chart.js", "md5": "ce39265cf9293096f8d19930bf98b5c0", "sha1": "a494865eb7ccadf8976d942f52ba1881afc9599a", "sha256": "db887cee2a8e49bd91d1935845efc357e034cfaabb6e11f60499175ea5ec2458", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete.js", "md5": "a0d16e6fe3533101a2477b356f0851b6", "sha1": "e5255bebb8f6917271d2a76e375315cde6c6573c", "sha256": "a72a7c28d017b3bfeb09770abbb71c1662968a663867a8de48bde06881192aff", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-proxy.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-proxy.js", "md5": "75040bfb359a7974541a20f5f7d3462c", "sha1": "e07fea896c88bdea7b5321fe9be6839a1492123d", "sha256": "834a3ca3e7dda89ca0baca94c82ccd0c4745d5eb37bbd97ebbe649482b83d599", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-PY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-PY.js", "md5": "cb52bc9c2aef9d4cc2021499e6c51ce9", "sha1": "2e9cc49b15136c8342bcf5ee19b53cb366b45382", "sha256": "bb0ece20ea311b223340b7295fdc6238470c9e29f96efe7e9b750e891cd43e1d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "embed.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/media/js/embed.js", "md5": "5df3783492b848adde42124a1e9cf383", "sha1": "a9dd6504b69b75281ddfd2d3a3aae52a50cd2f37", "sha256": "1eefbb61369d4b79503eccbdccf140b2209ec36be76b41baec3b8d4d5cb91e01", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/preview/jscripts/embed.js", "sha256": "1eefbb61369d4b79503eccbdccf140b2209ec36be76b41baec3b8d4d5cb91e01", "sha1": "a9dd6504b69b75281ddfd2d3a3aae52a50cd2f37", "md5": "5df3783492b848adde42124a1e9cf383" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-MX.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-MX.js", "md5": "7a6c7ed03c3a8560902e578aefde34ee", "sha1": "676d41cbbae8af38b61ec5524f46d0d61541af2b", "sha256": "fc5e1d012bb5891d8d712a3ab63b7dfeb85f67f3a430586bfb9f617862961da6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ko-KR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ko-KR.js", "md5": "a4dc53350f1b71189b7c573ea7d2821a", "sha1": "b791454699eec37486ec5a27839d936bb7d55238", "sha256": "e246d5d899f02500dad9829ed0216478c4a6ff5012020e9c8576821b20092f47", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "async-queue.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/async-queue/async-queue.js", "md5": "083276f1cf7f2cd17954f5483f34f22e", "sha1": "7abf3d3636a3caea75a4e7d722d200a9ef895675", "sha256": "09639c62a01b36990b5369dd7a10ce787d579dec692bea2dea2c7f0b69bf9def", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-EC.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-EC.js", "md5": "56dc3b2602b296575366b019cfa2b47e", "sha1": "fde53dd9e3c4f3c4f975774ec740cc7a79b9a845", "sha256": "dff2a73844057ab01c7499e23e3358964baf08cf5e999e6079fce8c5a4712f52", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "element.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/element/element.js", "md5": "de2f5701ee1a3819b2987b6b5ffeb4d6", "sha1": "b75d6b7c038fbed40ddf3a29f3a14488fcd70aff", "sha256": "99306df58a9d8741e2014ad4625616b8fbec647427db4c1a4a9aff4fe4f07b9b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_fr-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr-CA.js", "md5": "80d2aa0b6c11ccfb3de1bd87dadf4c0b", "sha1": "54c40e22c161d3da817ee2e2740783e540aa27bf", "sha256": "c7a06ccc4ac3fb0ae3f8059f5a86562f18bf0e0b2c285a5ba865201f68a75b5a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Node.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/Node.js", "md5": "5558862b65a50dcfb297660196998435", "sha1": "9f672e3af2a9c973e4b44f0a2e461d3c7bb98c02", "sha256": "ae2fb57b4e70280c535793b04527cb6cdc42f8376f14799a8cbfd10835b778d8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-xml-parse-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml-parse-min.js", "md5": "dc8acb509892209cb1b1e97833adfe37", "sha1": "9eb0b77c45cdd15936258dca2b0f648d446deb5b", "sha256": "0f7012a5329b1b07b459f4c918088dc6750c7dd3f1aedf294a26cf0aab3d1d84", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-xml-parse-min.js", "sha256": "0f7012a5329b1b07b459f4c918088dc6750c7dd3f1aedf294a26cf0aab3d1d84", "sha1": "9eb0b77c45cdd15936258dca2b0f648d446deb5b", "md5": "dc8acb509892209cb1b1e97833adfe37" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml-parse.js", "sha256": "0f7012a5329b1b07b459f4c918088dc6750c7dd3f1aedf294a26cf0aab3d1d84", "sha1": "9eb0b77c45cdd15936258dca2b0f648d446deb5b", "md5": "dc8acb509892209cb1b1e97833adfe37" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/link/plugin.js", "md5": "e29b04320423a91df8be6c4cf3936406", "sha1": "4f7de336aaa949a4032e2a2a8bc2629fe3835692", "sha256": "98f376690794045e760fd0ddf376925196e32d275020c511a2217d1ecd15e44e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "fullcalendar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/fullcalendar.js", "md5": "0ffe9601a3781df45c662764ffde45c0", "sha1": "70e98815522fc0dca51ec8d469db3d687ac71bd8", "sha256": "6d9c3aff0fa6473c157adf1fcf012f6ea2ce36ed7439930481a0f2396c283d1e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "local-files.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/local-files.js", "md5": "c203a26ed638aa9d71f7041573965f06", "sha1": "762538f19def1f2fb620889d88b5eb491b15463c", "sha256": "3a439d244dc55fccefe9d2da49a71afa9b8d79bd6102f830dce784b4c7165b2d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Contact.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Contacts/Contact.js", "md5": "2a4fc23dbbd9d99ca94fcc5ce9143f0d", "sha1": "14cb124760f7e2185450e0671337f2ae0c94dd9e", "sha256": "c41ddc4baa362acb709286e52d5dabb705780abf3e092f2be7d6d036af1e8b9b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-CO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-CO.js", "md5": "43ebcaf8bbf857d2da85230af382c875", "sha1": "8cc5951eb776fd32054ea2b1475b098ca3e788cd", "sha256": "8227d522de94b6f240fc501aab54b7a26c6772138981d7bc2b8140eb52d7eba9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-ES.js", "md5": "870158104f7a4ac3186f7f7f413d1780", "sha1": "bcc4648305f22c4984d0c8425c5f08c012e73b07", "sha256": "3ba9cdc51b37d47d702668809f043ef40f9c9331926935d4ddf02bc70dc0f7db", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "studio2FieldDD.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/studio2FieldDD.js", "md5": "ab41e4287f0fa1c1dcfbe424b4d53f12", "sha1": "dc7a06dece6462d60886906a373e9260f2e92ba1", "sha256": "ac302843f86d0ae739fdabdc7cde0f3f0052b864ba33c621c7a997d3c73a0c7c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-EC.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-EC.js", "md5": "1d9c611785bbbd6806fbb5e3ce869c0a", "sha1": "cc4ff6b9c844dc1a3e509f95613b9d18487dd82c", "sha256": "d3053d46f6af7c1c29f510590532e3c4d3f90e24fd2efb1ecd4a8132da67f078", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.vprogress.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.vprogress.js", "md5": "0996af4cdb42b128999d68472564cb64", "sha1": "2da2224da126d3b8b2be6e567d898c154510fac5", "sha256": "8b0f4da78ffeb5279eba3b4d2dab8018a6ca9bb2ed4a78049ae5825f2f55d146", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarFieldAddress.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarFields/Fields/Address/SugarFieldAddress.js", "md5": "29aba38f6829558282b94a64520451b8", "sha1": "df61ac85115fb86397c2195fc17fc98b424a26ad", "sha256": "9593e92b510a7bee52085ebb145ee119afb0bba612b98722af927b63bdcec850", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "TVFadeIn.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/anim/TVFadeIn.js", "md5": "a49bd8604c75d29778602f346001a761", "sha1": "a7830940c784b4eb6593dd4e3605206c394320e1", "sha256": "53c2799dfde4bb3424ef80acae1b273e4460fe7089cc3235caa6f1371b0880c5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "get_html_translation_table.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/phpjs/get_html_translation_table.js", "md5": "9667941dd790119d552f99b6d6b73fdf", "sha1": "44051d6fe593d83c503ab3980a1c08fcdfdd5df6", "sha256": "103c3f98bed9c1112e0c3cd8bfbfc4d5c92370bbc0f4ca45abcd33248b28be47", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_de.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_de.js", "md5": "f43ed748c8a4bed32efb25c978e8a046", "sha1": "894faaf15285e882b6574c929d1c9aad25c7d294", "sha256": "0a7c0f66b1e6cdf2a88d28f2d6c5e2c8306d0a7051d5f5577325291daaa6a0a3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_id-ID.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_id-ID.js", "md5": "1dd895c636bb89fe1a1881bcf5e8dcec", "sha1": "73872b6427ee46943f376eba90d31624669b4042", "sha256": "ff4a31b466fbf17dcc1da7bc4d73897e15fa365fc919ee08c094c7dfca708e99", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "compat.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/compat/compat.js", "md5": "0443aba1561892ff8ba427d027191490", "sha1": "2929774978d663388e5d2decd8ce8d98a5f17b02", "sha256": "8d925229fc9ac33695ccd2a2d795dbc72199ec1577cd5f7dda34fc04f3aafd19", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/compat/compat-min.js", "sha256": "8d925229fc9ac33695ccd2a2d795dbc72199ec1577cd5f7dda34fc04f3aafd19", "sha1": "2929774978d663388e5d2decd8ce8d98a5f17b02", "md5": "0443aba1561892ff8ba427d027191490" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/compat/compat-min.js", "sha256": "8d925229fc9ac33695ccd2a2d795dbc72199ec1577cd5f7dda34fc04f3aafd19", "sha1": "2929774978d663388e5d2decd8ce8d98a5f17b02", "md5": "0443aba1561892ff8ba427d027191490" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/code/plugin.js", "md5": "3bd3edf524d13520e18edaf4d0d6b241", "sha1": "cff88324fec3bd784cbe0900e6c1b056790a8cc5", "sha256": "b35b74b453e930c0c2b3bf4d5c5db13362cd52fe067eb50e8a3d282c7e7664ca", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_zh-Hans.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hans.js", "md5": "20c122ed28ebebb60361fd084a4d393d", "sha1": "ebc12855cd561c8aa6740f6eb9b3f8fb7b8a17b2", "sha256": "2286519933e2dcdddd2c8343e214c1388ebe5345cbe1ad27cb2943bef844c6e3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/template/langs/en_dlg.js", "md5": "1ce03c0fcf0f1aa74c132459abe30f39", "sha1": "4baabe94f31715ba2d04ee264114c8a25073faa6", "sha256": "d8546fec75de5d15fb64d61421bc2324fb45ae87c7386b6232bc54c9d4f57552", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "EmailTemplate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/EmailTemplates/EmailTemplate.js", "md5": "9088f303cb5c2d33c04c1a5e924aca00", "sha1": "84ef37a02db79b334a5dc15c0ac88d9c564c1c10", "sha256": "496e621283a35d7cd7e0b9a78324ac2875a3e4921e851b73384b86fa324e2628", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/anchor/plugin.js", "md5": "d31906b33c39f4784b224e14182b50ff", "sha1": "c0b33b522170a2693fe8ed9a2c7f7003d681fb36", "sha256": "3d2d92cd0350e851e535ff097cbc7ec0547a8971a905e1770452ea5ad4856a22", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/paste/langs/en_dlg.js", "md5": "6ea2189562f65287be8e5e3185c405b7", "sha1": "35725e988dc6d356eeb09c5131eb7987a4ea75af", "sha256": "ea272f751b07fc958de3ee4e15b7e6c60b5eb75f767643aae4a5563755484b63", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "MenuNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/MenuNode.js", "md5": "78c155839f99bc3564183e1557d15d3f", "sha1": "f08a500439cf24b1ca62b67c7aa088006b84b90d", "sha256": "4e98644ac28b9c48c6cd6520fc2dd75d33ee03cbf72d326a7c51b5f4584fd6f5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_fi.js", "md5": "b52d69f327025ba5cf36d8fdd116b8e9", "sha1": "2c1518704bacdf1d449caa4aa56caa39f009881b", "sha256": "d7bf74202c7f5a71b2d71a561e06970b6e9455cf89c22f47b5c6fb8d33d07674", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "imagemap.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Charts/lib/pChart/imagemap.js", "md5": "2c52c94054f7a4ce387e456a93295b8c", "sha1": "839e3705fac69ba2034e39e27ea34988cf25e3e9", "sha256": "a45c36fde166cda981306d4344158ba164407ddd618fba34fda323f6aa9377b9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/save/plugin.min.js", "md5": "347f837e6c18b4fae15b39014cc8dc97", "sha1": "cb34b1da0698d6dfc506526625fcf3e36d9718ef", "sha256": "43bf95f1d6a8eaa49830675c33579d65941e601459e9f34ae3e0ff6928de6b41", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-pluginhost.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-pluginhost.js", "md5": "1b63f5ced72b191b731fc8c12333529c", "sha1": "59319c53fe0b7a6d19cbcc3489fe27624b6a5d60", "sha256": "ccf674d093888b4231f1db89bef3236da02e7d08dac86a00cf78760118e37df2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.unique.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.unique.js", "md5": "b2a82d78b6a2b789749c99ad83765ee2", "sha1": "a2b3b2efe941aa8b855cc8c183da2beacca515f3", "sha256": "9d5135821984e808f038af4103f47ce75f4db95d7399ded25c627f85ada2adf5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "facebook_subpanel.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/social/facebook/facebook_subpanel.js", "md5": "4cf2e3c8ed8dede097b77eeb97c96bb5", "sha1": "27934392bcc994a455ba6db39abc6a885ba4b0a5", "sha256": "ec411c17e01585c69673c5161fc12689a99ca54d449b18913a8e46587238d073", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_fr-FR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr-FR.js", "md5": "c362934816adbc8be8447f320c71a7e8", "sha1": "a27be95ed0bda04d9fff6c490315143d5a3be5de", "sha256": "0c5d314525685841fd330b6b61dd9f284e021be04d98d691ae0dec67bbf6d6c3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "lang-all.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang-all.js", "md5": "c16d570cd99cc92f2934c89d428c42f1", "sha1": "77eaad3329243c2b1585d808ddd6c7d0c69b6982", "sha256": "82b555f6dbd3794bc1ae5c564aca54bf68395b5b863aac77aa8bcc21ee60104a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/style/langs/en_dlg.js", "md5": "62a82106cfd480a6da4442b4763a2f2d", "sha1": "868f52e0d4a1dddaa35d1f43a51bcb0297a13bbd", "sha256": "9e25f93aa6d82736dbf28ce47eb25c19d533c5dd99283e45bd626af57b9cad4e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ajaxUI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/ajaxUI.js", "md5": "eabf8ee9e294e72ebd8f9f2e9d64c928", "sha1": "e1739ef33aab8483d7a949b9c01bf01cd8ef3c7e", "sha256": "be94944fcdc59ab3db29b96609a00a365c7595b2c13543c7eabd2fac008bcd57", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cache-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache-base.js", "md5": "7faf53cec8e389f3571e30ff4bbae9a7", "sha1": "1c9931939eee51f34efaffdf3ddc9d7da8ae794e", "sha256": "9f7b08c6b015041efecd901148a4e5296e85dcb2a87868d66da1f9f054023762", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-IN.js", "md5": "6925fd7d6d9bc65cc8bdbb5625be7f4c", "sha1": "6697155d2042412e88f9a3a9d9faf7ec97d9b339", "sha256": "f8044f213ec18bb16bad3f377dd5a21372fb66e1d9b7be20025baa2d0e0e1b9b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "intl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/intl/intl.js", "md5": "aa53761301220afbfb099b014ac7acde", "sha1": "9b0018c97c67a572fe64ff3590d886295546d8a1", "sha256": "dcb438f91f59df27fc04e693889c06a9d9e2943147db68c8eaef3d9985f36a4c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/lang/datatable-base.js", "md5": "a14e3b9ab1c10be41f14be092acdb3df", "sha1": "3e9c990c7d31de450bbec305aa336bdeafd93ff5", "sha256": "787de1604d742d2810b369e9d809dbf323aecbcadda71377d13de044997f3b89", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Account.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Accounts/Account.js", "md5": "363f97788fd67766e867ac749a6272bf", "sha1": "73b10bdd8df75c10c74a30950559866779fe072e", "sha256": "2fe131f96948c9283012873b5d7caba035a5378f7c60972966a905607a63d6a9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_nl-NL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_nl-NL.js", "md5": "97653e6c492dfffc41eac2dd20bfb07f", "sha1": "892504db86d6e15076c1d73a9ec17ba5086bcd3d", "sha256": "25263c8ffa4b24c3caa0ff6d9a08132bde5ac68d7543a60c5b73fdbc77c52cfb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/editor/editor.js", "md5": "4939416b692ed808b92a31c7d24e4243", "sha1": "6e01bcf39a09fb80543a804c6f68a6cab36a7167", "sha256": "e5be87348bcb6530da65be06ac312e0150cc60f78879de1dc04752c8c9016832", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/codesample/plugin.js", "md5": "1a5254aed6c2a09a2888741e727bc9c9", "sha1": "d3d7ecad4f3d54fdaabb4e419dbb63ef52fc4198", "sha256": "820e6e71d83b46336198bdfcd7475057e91df8fb11fa7d6c4b15c8c4a2aecc9f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-delegate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-delegate.js", "md5": "0edc38e7203c681236655bb677f106cb", "sha1": "648e34223daac1df800fa1a6ec8b0f8759bb7bb2", "sha256": "8c9b8df29b4d4164ce8e72e29a6a82b304e7d9a89e50902e8f163c7987f5de32", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-delegate-min.js", "sha256": "8c9b8df29b4d4164ce8e72e29a6a82b304e7d9a89e50902e8f163c7987f5de32", "sha1": "648e34223daac1df800fa1a6ec8b0f8759bb7bb2", "md5": "0edc38e7203c681236655bb677f106cb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-delegate-min.js", "sha256": "8c9b8df29b4d4164ce8e72e29a6a82b304e7d9a89e50902e8f163c7987f5de32", "sha1": "648e34223daac1df800fa1a6ec8b0f8759bb7bb2", "md5": "0edc38e7203c681236655bb677f106cb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_zh-Hant.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_zh-Hant.js", "md5": "05c2de5b2c195890ca1dfb53c63786f7", "sha1": "128fe736cfd502609969d1726c9d1ae3cc0fbf3f", "sha256": "d1f936dfa839ce6880bb8443f0b27cabb6eef50cbbd33b71a0904eb7fc2a664e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "arraylist.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/arraylist.js", "md5": "72c9aeb75571d85a64a42a958acdc1b9", "sha1": "95b660d4505c953b77b1609b7575be3cea4664ed", "sha256": "7f326a8afa5364aab4cf068bbfce6468cabdef9c96c95fa526cb35a726fc919f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_sv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_sv.js", "md5": "721a878b59f41023db9e77e8deaa3cd7", "sha1": "8f9eb41e2966652b71039127ad2b4f82f8b133cf", "sha256": "049d1c823fd0468bfbe1f9eaedf7a02f618e9d66d957f1e469e9b2a20e7f3ca2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "charts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/charts/charts.js", "md5": "e95b6d02b54b01caaa3af8cf373bfa5d", "sha1": "0c698444b6f70ead44f2cbefa84f80ceb7d12f58", "sha256": "5cb11780999ac5329af5931065abbae59cba7ee9a981755c0bbcf991f5962a81", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "complexLayout.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/complexLayout.js", "md5": "991ae012f76bf2fffdc814e1096b30d6", "sha1": "c9d77b6cab70cb11011af5107bf5320156641ccd", "sha256": "876f74a45129599e0fa4f66191a2c7460bf7aa7deb2565df646fc94490fe3316", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "splitter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/js/splitter.js", "md5": "d59c79df0ee13a45610c508fe102b0e9", "sha1": "dcc84eea8a28057796214afb166c321d4d8feede", "sha256": "11cec65aa4a4d6a49c5936b5c7efb53faa0743cc03f3b5f4857884963d318968", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/js/splitter.js", "sha256": "11cec65aa4a4d6a49c5936b5c7efb53faa0743cc03f3b5f4857884963d318968", "sha1": "dcc84eea8a28057796214afb166c321d4d8feede", "md5": "d59c79df0ee13a45610c508fe102b0e9" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_pt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_pt.js", "md5": "71c5ca3381c446da4cbe050b617c5339", "sha1": "1c5de42bdf03fd125f1f87ecb60cd3dbc2bef19f", "sha256": "151f52fd036c3585fc68428d199ad22edb7128d6a60e47e9ab18284fbbdd6329", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource.js", "md5": "f86a985943ba567fbc7b55c2ed0ef92e", "sha1": "1eb2d1762a962e548e6b5e0cb7d9bd3df090128b", "sha256": "7a72cd1c561aa108229baff916fd53b1c40458c95fc95f87f23b373d3add466f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-base-min.js", "md5": "cf04b8dd2941b241b4a05ce8010be382", "sha1": "c5d43127036d2586eca6960e711ce5f7be9d5570", "sha256": "7281ab325088208412e773a6cce159158fd2ec5c08a98acfd04f6196cd62dcec", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-base.js", "sha256": "7281ab325088208412e773a6cce159158fd2ec5c08a98acfd04f6196cd62dcec", "sha1": "c5d43127036d2586eca6960e711ce5f7be9d5570", "md5": "cf04b8dd2941b241b4a05ce8010be382" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-base-min.js", "sha256": "7281ab325088208412e773a6cce159158fd2ec5c08a98acfd04f6196cd62dcec", "sha1": "c5d43127036d2586eca6960e711ce5f7be9d5570", "md5": "cf04b8dd2941b241b4a05ce8010be382" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "treeview-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/treeview/treeview-min.js", "md5": "48d8e3d6e37a3bfcf8eedc71679fb267", "sha1": "fb18af9b918c5a3cd6063243ddca10f5056b03c0", "sha256": "daa4c66b1bbe514df67ec39c25a61896ae171dab9c1995641ef8523266709805", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/autosave/editor_plugin.js", "md5": "ae4c2aba85a22da66e3655f55d1c89fd", "sha1": "8cc912299aee7f81b0708ad896e5dc793f2bb28e", "sha256": "51a8ce4df92f36f1d6671c2f4750b28a68d9698760135ddc7e3b49e1ea30e0f8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_nl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_nl.js", "md5": "4671ae08bd40cd7e2e2c020782b9cf10", "sha1": "7063b3f98a99a87b1c64d18b59dacc40bef3a4ef", "sha256": "998d596ccce6d31ec78cd2c6ddbe0486c6064430563c8e79324fb4caffbabd86", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jscolor.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/themes/SuiteP/js/jscolor.js", "md5": "7642b80ad478d07c4f93b757171c6eef", "sha1": "795f556351a20c42855fafd317852bfe9e28e5e1", "sha256": "af3ffd7d35135afcd04a22286773c6f546093c8355f9012b8a7a508653957c7b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "image.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/js/image.js", "md5": "8d2c4871c2b431d003267d1ecebfecde", "sha1": "1cfc1ca922b1d9df3ab5fc05fec27298a7052929", "sha256": "77be8ba129f674d70f1f61c16155b05f8e5e72d61269c6c498f2581fb06a69ca", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dom-screen.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-screen.js", "md5": "5ef89414eb42817eae9392ef6e1a78f4", "sha1": "b3da9de49ac83c31f0ab58abc62b593329780bc0", "sha256": "7900bc5b693d00476381f883bae83b610e7fd6a28275860546482f653e87acd6", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-screen-min.js", "sha256": "7900bc5b693d00476381f883bae83b610e7fd6a28275860546482f653e87acd6", "sha1": "b3da9de49ac83c31f0ab58abc62b593329780bc0", "md5": "5ef89414eb42817eae9392ef6e1a78f4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-screen-min.js", "sha256": "7900bc5b693d00476381f883bae83b610e7fd6a28275860546482f653e87acd6", "sha1": "b3da9de49ac83c31f0ab58abc62b593329780bc0", "md5": "5ef89414eb42817eae9392ef6e1a78f4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "acronym.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/js/acronym.js", "md5": "1e8cb09189f3b81274ddea6fb5021525", "sha1": "783607e584a8483bf55bde92be576751e9df4001", "sha256": "f60dbace41a1240e22785e7c3eb61079de501c648f0745cb266ec8ccff986b6a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "menu.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/menu/menu.js", "md5": "4d2dc80494a9a914e6c3a3456fa90122", "sha1": "41ecb137ee8dd734ab3070d32c23aeb3d4909819", "sha256": "a2d185d9c151cdce2d0d509a807840e2fee48c491779ae03054b3238cf19a0e2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "resize-constrain.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-constrain.js", "md5": "bfcab641062ee2356165f1eb55385eb1", "sha1": "c93337eaca943c9470f70a2f47b9a3e6b5be348b", "sha256": "33dc258ff6d5024299aaa65d38abb52d88559fc77056b1f587bfbd5c5abbebe1", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-constrain-min.js", "sha256": "33dc258ff6d5024299aaa65d38abb52d88559fc77056b1f587bfbd5c5abbebe1", "sha1": "c93337eaca943c9470f70a2f47b9a3e6b5be348b", "md5": "bfcab641062ee2356165f1eb55385eb1" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-constrain-min.js", "sha256": "33dc258ff6d5024299aaa65d38abb52d88559fc77056b1f587bfbd5c5abbebe1", "sha1": "c93337eaca943c9470f70a2f47b9a3e6b5be348b", "md5": "bfcab641062ee2356165f1eb55385eb1" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "querystring-stringify-simple-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-stringify-simple-min.js", "md5": "86427d3c4892b066a6144cce53739af4", "sha1": "4adecbc0d1bd9593a11cd1d0c03429e4d6074cc2", "sha256": "9bd5fc806b1c4d9abef80ea839d7b993ecff084d858cdf4e593395993c8e793d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-stringify-simple-min.js", "sha256": "9bd5fc806b1c4d9abef80ea839d7b993ecff084d858cdf4e593395993c8e793d", "sha1": "4adecbc0d1bd9593a11cd1d0c03429e4d6074cc2", "md5": "86427d3c4892b066a6144cce53739af4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/querystring/querystring-stringify-simple.js", "sha256": "9bd5fc806b1c4d9abef80ea839d7b993ecff084d858cdf4e593395993c8e793d", "sha1": "4adecbc0d1bd9593a11cd1d0c03429e4d6074cc2", "md5": "86427d3c4892b066a6144cce53739af4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarFieldAddress.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarFields/Fields/Address/SugarFieldAddress.js", "md5": "db716b6f16be88fa2ef807e2784e4fcc", "sha1": "6c8656b21e137fe5e64b198e90b5f73a3057b122", "sha256": "b22b86d26847ff33259efa2d29893b8ddd2048dd4586bc996eeb7c9445977ca7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "layout.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/layout/layout.js", "md5": "3cc0cb8a7936d90074cb4a693da46fa1", "sha1": "c48e9bf5568138d538f6ff5deda7be9d66816f88", "sha256": "545522f087d5f8e3dbeee52dff4ca22fe12a3e9d8fd629e5864bb5c03dab3bb7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ja.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ja.js", "md5": "3f2d980dda7a722be5d63f5e755653f3", "sha1": "36edbb7930312e8735d6eaefc0dee6a3338e628c", "sha256": "fcec1bca77786d58c78768f8b23adc9bc3407724838ba6b760bb85df48ca8f6f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-PE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-PE.js", "md5": "7e830579e4bfc9dbfddacef19a4d0a99", "sha1": "ed0abab3f2fcf4eb00302bf5829291c7f3c84d66", "sha256": "f2845e85a69b37459737a4f1c5d3a027cd2e7abc3ccc0d8cf01c612325ff59dc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "basics.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/basics.js", "md5": "4d0fb52675d4e4a1dcccfd68734b78a1", "sha1": "447c9b00044e6253b31d522d3de0ba08c04d240d", "sha256": "004fba3260c3cdd25149052ce68b865c6a84d416b4650e2e3c29e7a66faad2af", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-BO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-BO.js", "md5": "810615712ffbf8c0e1b71b390635642b", "sha1": "899b0164a94f9934031a380c8f07878e6506ba22", "sha256": "852c32a8df37c0cb4978f35d9d80a845ecf099bf6c642b3f843cae8dbcc50175", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dataschema-array.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-array.js", "md5": "4c690f317f72e1425a0ff07bd6cc6247", "sha1": "82e0db57be0b257393cec8c9a3abb0883e554458", "sha256": "90246a921b126ea892be0472bdaa7b3393f2ca7ea24ee046240f4b58a612e4f6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.zoom.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.zoom.js", "md5": "a070b19980fcb5db86190443434026f1", "sha1": "a9ac1692ee634d055ecc49af786428da608cbaf0", "sha256": "58d54c735dacdd04b6decf82c97f6af77584566bfb5b12c28c0c0693b0c0153a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.scatter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.scatter.js", "md5": "49b4e4d4a3308a15213c4a17fbb35e8e", "sha1": "45fd8fb61eec6a685be9c1d894064e50da16a09f", "sha256": "41c2c152f55607376020df7c2e14607c654165cc18846dc146f00a1b53e5a48a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Administration.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Administration/javascript/Administration.js", "md5": "921f031abdae0f1a935c8558b94e458d", "sha1": "818371fc5b02ba4b3ee8d0e03bf4fe82feb93683", "sha256": "1a70f2e0248af15bdc8f50192e7b0175b8d89fce2b01afa881c215c22bdfcf85", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "uploader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/uploader/uploader.js", "md5": "5a0ffdbda22649b381291d23de53ea52", "sha1": "12f7dd8e65477ecffe8f5d7acd3122e70b4e5ee3", "sha256": "9c82438656fd4067884c9f7575ee979c152feb05547dee74c5c123629162a896", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "slider-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/slider-base-min.js", "md5": "a140b90e528f960d7da7a2284ce4f565", "sha1": "f4a74a68664bf7d323c8f75345c9895e6b8f1fd0", "sha256": "f666434a6a42ecfc2337d9cee81b5d38f97ab55e1690cdb74c3738b4ff3e9c60", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/slider-base.js", "sha256": "f666434a6a42ecfc2337d9cee81b5d38f97ab55e1690cdb74c3738b4ff3e9c60", "sha1": "f4a74a68664bf7d323c8f75345c9895e6b8f1fd0", "md5": "a140b90e528f960d7da7a2284ce4f565" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/slider/slider-base-min.js", "sha256": "f666434a6a42ecfc2337d9cee81b5d38f97ab55e1690cdb74c3738b4ff3e9c60", "sha1": "f4a74a68664bf7d323c8f75345c9895e6b8f1fd0", "md5": "a140b90e528f960d7da7a2284ce4f565" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-CL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-CL.js", "md5": "5fc6a06d04bc7324f0b11f32e2b9b7c6", "sha1": "7facef5c049577d8388f7679193300c134873bc6", "sha256": "74f94be17905f242d7684ecbb1187ebee97af8515aacdf20a99a5fb1d4f5899f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advlink/editor_plugin.js", "md5": "5e440c6bcb7fd94e7fd597f8a183e16f", "sha1": "781f5d6031091905b30f803b7f538eaa8e8221ac", "sha256": "abe109fba0f2d2674c377c62685f1720297ac2d71fe1d6d7ab316d685c35261c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "gruntfile.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/gruntfile.js", "md5": "9ab7aebd0a0a71ef10ff8cb94b2ebd5d", "sha1": "2f56da58c229dfb3ede482c34f2fba745476bc32", "sha256": "2713069dec92098c691dd0be365180a622fefc2e3efb27cd22d750fa86a55df7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_sv-SE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_sv-SE.js", "md5": "add99137944cc1a3f69aac97a61a88ee", "sha1": "f74b36cec05aaa605f2ce6d4b73f921a8fb86b3f", "sha256": "ca24541963f5d2415fd998749c45a7e22a91eea7d90ad0901ba8f90d96e2ce92", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ru-RU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ru-RU.js", "md5": "1ed0b903c51141e64246f7fe38e7b97b", "sha1": "e2d4bc1bed75d97eb83962365950c92de69f3a13", "sha256": "5700a9349691cf3aa0b31511217d3fc8aa6d6fd3ad76715b980d89627ea9aac8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "resize-constrain.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-constrain.js", "md5": "8bce8eb3205eb9074909c08712e2fd95", "sha1": "79ccf81072a86483ada5ed3fcff0f99d7d467db9", "sha256": "26bd9ae1da5be1835ddc3e540bb91715f198382e18e798e3fe30d66fde4f42e8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ygDDList.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/ygDDList.js", "md5": "0cd9051a220de7e8c79bf5b9cccce10f", "sha1": "7a365f9e26068cdc931850e03e8d8302e4185f5b", "sha256": "489b16837bc48fc45e57e4bd896c91994a745bd4c9a3495a516f797379281455", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event/event.js", "md5": "c1ddef062c503ec33b21611f62bd55de", "sha1": "f58c82c7e8388d7945996d97d327e51720b8db24", "sha256": "7bf0a4afef027b1937cb1c3b9fc3cf7305a90439a41109f73b0ab08d5eef11e7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/fullscreen/plugin.min.js", "md5": "5a1ebef95e0c0f9efe200605851770c0", "sha1": "b2026132ce2122d0e0b4b3a836a85df815ee3b58", "sha256": "ee4a2a150030d009544892476b4896e48f635177e735bd1e261c56d1e9d66d68", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_zh-Hant-TW.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hant-TW.js", "md5": "810a2cd7245786c8b07c7141cb6ba2c2", "sha1": "97ea57b780a06cf366c67afb061cd3fcbce9d25f", "sha256": "db8af634a19c2c9a5943d56dc2f24131a946ec9dda816e75820ea7b7c36f6924", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "intl-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/intl-base.js", "md5": "78f18e1b00eefb45c40e10aa0cc05817", "sha1": "c8431b7e53582df16f6250ad6a91cd04809cb007", "sha256": "fbfbf4f8428eea9c587d5dd7e748f203a65a25dcb9d85bd8b38f9eab20845e75", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/intl-base-min.js", "sha256": "fbfbf4f8428eea9c587d5dd7e748f203a65a25dcb9d85bd8b38f9eab20845e75", "sha1": "c8431b7e53582df16f6250ad6a91cd04809cb007", "md5": "78f18e1b00eefb45c40e10aa0cc05817" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/intl-base-min.js", "sha256": "fbfbf4f8428eea9c587d5dd7e748f203a65a25dcb9d85bd8b38f9eab20845e75", "sha1": "c8431b7e53582df16f6250ad6a91cd04809cb007", "md5": "78f18e1b00eefb45c40e10aa0cc05817" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RootNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/RootNode.js", "md5": "84e59f27cdc5626482e0aab754afaaee", "sha1": "19462a3c3d9e90d7a824a00d56951b7917cdb99e", "sha256": "8d725512b59b7f5eeeda85e09d95179afc858f18683b98e0cf897854ab6837d7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "clickable-rail.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/clickable-rail.js", "md5": "175427ee3f67309ce8c649acee837d14", "sha1": "1ce5f8cd73a31a4148ee828441151df070d3b60b", "sha256": "81f8fa74ac65df2251858fb4e376c902e73dc42b051991d5fdc054a10bd29c5a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_sv-SE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_sv-SE.js", "md5": "c5bb60408d485dcebf9b7b0ed2d5676e", "sha1": "605c8ad7ebdcdbaf9722c5ae4bed2e40cf78574d", "sha256": "327931feb12c4c1baf23bcaa7fc1d29c6f326c5695849c841ecc569d7c2bb5a4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/lang/autocomplete_en.js", "md5": "7d6c448ae3a48356d8180182b37e2c91", "sha1": "7ac01612c74225491d7a3abf424f1b2756d22ffb", "sha256": "4fb14750b1a15e0a7d9b60756da11dbec9a6bf1a98e7e8e0c059f1a34d29b1e0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_da.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_da.js", "md5": "8190326377b53600779de7d829a71e7e", "sha1": "875092cb5c397597a9538aaf8af021d2213907d7", "sha256": "dbc289034a8c7afa37f586f4f12d1d2387efe73c3fcd2d45ad3e4988fe7bb5de", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "EmailsComposeViewModal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/EmailsComposeViewModal.js", "md5": "56de1067a62dd8fecbc7706725e067b4", "sha1": "74ec8f74accf0f68634b9d243187f3dc199c66ae", "sha256": "b9180197d145113ee6ea0dabbde8c453204ded415d81d9109e1d8df7505e0f0b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/contextmenu/plugin.min.js", "md5": "f64498580e137ac0206b9b655bcfa297", "sha1": "1bf9e552ab3b5958e86640f85a81019e06bd1dfb", "sha256": "e6a45ef86a996d51b258d9c690296ded2c8dee75d6ce87f89c64c835d82e533c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "anim-curve.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-curve.js", "md5": "0402ef0ca751daa33c197f0e981b7cd3", "sha1": "57f0f8e16c1d6299e5277009b701c3dfa6002d8c", "sha256": "54dd9f6f8aceb19554b2d758b9e6ca5181e269d8baca61916e702d71eace791b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "whoops.base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/filp/whoops/src/Whoops/Resources/js/whoops.base.js", "md5": "79416cd9db5f46db89e3e55ef7498ad2", "sha1": "a7c4e74684264595281bef741e160160dfd828ff", "sha256": "bc0b07571948de1c97926a5b5aaef50c7ebbbf0c93b00c347920aa4cc0eb18a7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "menu-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/menu/menu-min.js", "md5": "2c5a66c505503dfff9eeea75fc9f3df4", "sha1": "ef79ec003435d5b2d50d6595f36d10a0d4b89cc6", "sha256": "9d0066b01fb53fd14ebd9555d68424a098a0f6a039f7405030120a10c2f05c46", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor.js", "md5": "e12f4bf5281933f612fd5109cade9445", "sha1": "975bafb304f831eab221344c1239aca5d8419af9", "sha256": "ecd66ec765432479b49c3fcdf1c444026a6f598036866b2180802a81bb834863", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dbConfig.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/dbConfig.js", "md5": "ea481c37548a9ff66c45001a60054aa4", "sha1": "ce48d3a41a63f7914e7a61ab17eece49ec20b197", "sha256": "3187bc97aa1289f24bf12fd41a154f737cc33d4ecd7298fdfdc7f08f3a4af5f7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/layer/plugin.js", "md5": "e0af5e620d0701bb23530fee7fb82195", "sha1": "6d2a02fabb924f98427707dc56451e5db7c4f810", "sha256": "bb4aeb16496d003a827f83be9c069d87a7d67617714d08fd220f76fe2275bb40", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es.js", "md5": "02a6eac61ae7f8328d9c78563446fd78", "sha1": "4b28a24d8e8ec471d66596ebc9fd11ebb6ac5d65", "sha256": "36e7184e976cafce725bd99f150da96fea612b28bd2d41177e557e2b9d89bb01", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/charmap/plugin.min.js", "md5": "3231e7edd451f1950c2a856e68950399", "sha1": "ce572fdf04ecf1add402fe8446a0c42c5ad9ea3e", "sha256": "45a7c4024f17c3a91f3ade243382740dfd1f3ec4486d7f1a28ce404236f6502c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_de-DE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_de-DE.js", "md5": "997070c293d2317d27ab0931a81582e5", "sha1": "ef5c9fb2b4170e03e103672e842f6bec65373342", "sha256": "0e31261c0738db7736e980d6532b7fb1ac3fd1f9ae11e470933f4ae7b343d023", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/lang/datatable.js", "md5": "e72e2dd6fc04b61ac8bb8f509b3c4c7b", "sha1": "e963b976ad128fbdca2170fa0b6bceeba4f7dbb8", "sha256": "94be54dfb699be4c444f6b74a530acf98d9beff65bb6df20e6b8dff0fac5cbd1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.line.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.line.js", "md5": "7fdef09254e8a84e393d623e7d781178", "sha1": "e8343b3c13bcdabc9c83689078aef9a8485b5402", "sha256": "88ec90c21462bc0b4e2a47e8571aa08b6af5f0f39b622b993f49e920c34a643a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarEmailAddress.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarEmailAddress/SugarEmailAddress.js", "md5": "0391c648fd9875ac2143030a97758088", "sha1": "fac404ad89f1905ceeabc6725410b3d572b173d9", "sha256": "39b478cc0a7a9227570e76774b2eb337f22655d2d9a3f306a1fbcee3aec11123", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ko.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ko.js", "md5": "5af6d942d0dee958ab945f5a8fe028f1", "sha1": "7be13598bcf02175ec6bb782168aa759bbb54bac", "sha256": "f1be169c08c3818f48f580013646b54d4bea2a8c2bd9dd3df26e7f7b8c501ed8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en.js", "md5": "c179419a739803e67844624cd6b47eab", "sha1": "3e663cb4001e9e0b9b14127883424251dd166000", "sha256": "372cc94a335ae6f7f0a6e3f848ae535570f74a3f8b6e598b89ba68a069ddb0bb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-PH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-PH.js", "md5": "581ad7b668e20facf35a0da943237b8b", "sha1": "d94bc2dec6eea3f0b1fe4fff007459160d15ec5c", "sha256": "faee2adf8cfd9106f9a6435b16368041d9b9b9955d4a92522b5463527b77af8b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advlink/langs/en_dlg.js", "md5": "8da3a95d6886837c0bca18670f57ae1c", "sha1": "bf25364f04939d1375416a214bf147fe4b6638a2", "sha256": "20d7c6d51c3c4c6ef68275127ee814d909a9313ac4e145c9914328885d91c706", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_hi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_hi.js", "md5": "b1e14777db37f672d809459e3322ce3f", "sha1": "12354b445d005c381cb3f1268ad38311f2768772", "sha256": "3f96700cd63eb732a62215f56856aa47053bc0de60e8fba918b8bbd102e15f80", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sugar_3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/sugar_3.js", "md5": "4e97ca477fe5050f0b3945931832d160", "sha1": "ec26640ea97a72b002388b72bf8c68964cae9831", "sha256": "75516b73e5f261f493c3eb40244f97ecea297bf7b146350dc6788ddacf282150", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "UserEditView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Users/UserEditView.js", "md5": "b803ae3fa7669504f36c720cb12a1e6b", "sha1": "04e07198b2eb6239db68f6eaef065cabd07d3492", "sha256": "d41727395d392195c88232b3425105bfeb5be159bdb3624549b329b59b9c89f1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-min.js", "md5": "b676862ab4a27baa9de57343c0153df3", "sha1": "3f9452ccd360049f08638ebf6050741f529664ce", "sha256": "cd1d65ede4c3eb8a4d40ef5e735fcd7d45df1096d8e2d109f01ec8dcf10fc89d", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-min.js", "sha256": "cd1d65ede4c3eb8a4d40ef5e735fcd7d45df1096d8e2d109f01ec8dcf10fc89d", "sha1": "3f9452ccd360049f08638ebf6050741f529664ce", "md5": "b676862ab4a27baa9de57343c0153df3" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete.js", "sha256": "cd1d65ede4c3eb8a4d40ef5e735fcd7d45df1096d8e2d109f01ec8dcf10fc89d", "sha1": "3f9452ccd360049f08638ebf6050741f529664ce", "md5": "b676862ab4a27baa9de57343c0153df3" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "console.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/console/lang/console.js", "md5": "aa41a9cdf3aa11826c637d0e76638989", "sha1": "0f86a9fbe76565b1ddeca7bd354dd66c0e0bc981", "sha256": "ac735ff3e09da1f69940b4657e6bd4b74d10247d662d2ed93b6373c6ad258b6d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ca-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ca-ES.js", "md5": "360969553bfd25318adcb308729d9551", "sha1": "38c5fb03b4ec34a3e13ad8dca48a5b926c1c24ee", "sha256": "532627037b74bf4d95cc3aec7dddc9d7ba690c48665b63df47445c7d82736d2f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery-1.4.2.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Areas/javascript/jquery-1.4.2.min.js", "md5": "df0ff7fe7cd0e9795a02c58de82f6d69", "sha1": "5ddc254648c0d8f2b20f277a7de6da3e1d8f960c", "sha256": "83eca7ad41f603b88fa13c9022aeb1e4de0d85280ddd1df2df6df93fb1d6eae5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "1.4.2.min" } ] }, "packages": [ { "id": "pkg:javascript/jquery@1.4.2.min", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.4.2.min" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2011-4969", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.", "notes": "", "references": [ { "source": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4969", "name": "info" }, { "source": "MISC", "url": "http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html", "name": "http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190416-0007/", "name": "https://security.netapp.com/advisory/ntap-20190416-0007/" }, { "source": "SECTRACK", "url": "http://www.securitytracker.com/id/1036620", "name": "1036620" }, { "source": "CONFIRM", "url": "http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/", "name": "http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/" }, { "source": "CONFIRM", "url": "http://bugs.jquery.com/ticket/9521", "name": "http://bugs.jquery.com/ticket/9521" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1" }, { "source": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730" }, { "source": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1722-1", "name": "USN-1722-1" }, { "source": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/01/31/3", "name": "[oss-security] 20130130 jQuery 1.6.2 XSS CVE assignment" }, { "source": "OSVDB", "url": "http://www.osvdb.org/80056", "name": "80056" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "info", "url": "https://bugs.jquery.com/ticket/9521", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/58458", "name": "58458" }, { "source": "CONFIRM", "url": "https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9", "name": "https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.6.2" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-6708", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/102792", "name": "102792" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "info", "url": "http://bugs.jquery.com/ticket/11290", "name": "info" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20120206", "name": "https://snyk.io/vuln/npm:jquery:20120206" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", "name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" }, { "source": "MISC", "url": "https://bugs.jquery.com/ticket/11290", "name": "https://bugs.jquery.com/ticket/11290" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0" } } ] }, { "source": "NVD", "name": "CVE-2015-9251", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", "notes": "", "references": [ { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/issues/2432", "name": "https://github.com/jquery/jquery/issues/2432" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "info", "url": "https://github.com/jquery/jquery/issues/2432", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0481", "name": "RHSA-2020:0481" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588", "name": "https://github.com/jquery/jquery/pull/2588" }, { "source": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/105658", "name": "105658" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { "source": "info", "url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "name": "info" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20150627", "name": "https://snyk.io/vuln/npm:jquery:20150627" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.5", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0.1" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0.1", "versionEndIncluding": "4.3.0.4" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1", "versionEndIncluding": "17.12" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.0.4.0" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.0" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.3", "versionEndIncluding": "7.3.5" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2" } } ] }, { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "event-mouseenter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event-mouseenter/event-mouseenter.js", "md5": "b56679d9e34e5252cfd7b0e6b2aa8a35", "sha1": "2347f901696fb19cb6c82db0e13a49a66a05af64", "sha256": "3bc98e6d69bf9acdd18ce91ad5e2d6af625a9c4366a7843b8fce9f20edc28eb7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advhr/editor_plugin_src.js", "md5": "985d4e4b24ee2905f89ac670979d9816", "sha1": "ec461106466b1a58f236d212e787d58c8b67c653", "sha256": "b7e3071f218bb33ff457fae9e698f9273da197ed5cafa3447d79a87437b77ced", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_nl-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_nl-BE.js", "md5": "87cd696b61146273be3c4d4982f5d33d", "sha1": "be6a43681bcc0d6d8ce3db65be7b1ec3f7bca878", "sha256": "9de6ac922d15b20f201eef614349798049926792791750825b75f8b916d0ac45", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-deprecated.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-deprecated.js", "md5": "5e12769af1207a00b70ba8d62f05a8f4", "sha1": "9739743d119cf522561e095310f1a6c688b2f218", "sha256": "db0f1da0bde1f5cf0f7c734361753c7d2d8dd3a3cda687f8f65de558c0429215", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anchor.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/js/anchor.js", "md5": "f69b824ff2b94f22713614c2dc5992e0", "sha1": "7c346abce3e8137eeae346710401531124e8cbb2", "sha256": "3984b761b53b5ce3bee6adae83e0d776cffcb494c706bce0df0f98e85b8b9621", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-sources.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-sources.js", "md5": "3bd9de7e3a1afd958bd3f97c5c3fe52b", "sha1": "2211f7384ef79929d55722cf4b6fee30aaedf268", "sha256": "03d1e3eddecda051d840a80cbd0aaf9d31f52606a2af1d4e1861b5b7af86d0cd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/layer/editor_plugin_src.js", "md5": "5327d553949b715fbb922591d3f2a867", "sha1": "6f864c1e20341446075c6f17199b9f01eeb56233", "sha256": "30a4ea8fb900ab76ff93d7f5a00802b8078033cd43343d9e1eaaac6fc1007190", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-IE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-IE.js", "md5": "bad9dc8d4fab5dcd3439e8ec7d1fa8df", "sha1": "9f068fc6d1d5b9450c7527a89553b971791342b1", "sha256": "05304b88dabe364582a545be96ff3143c005207383a1eb9256853b924ef546ed", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_vi-VN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_vi-VN.js", "md5": "4fe46df735777db9a95908a896053b85", "sha1": "6b7515d0728236a81a7308d051eada753e45c8d1", "sha256": "c90de083b4ff1c714fe755bb62b1bd881b89e804b25eb4df552596663a68407f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-color.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-color.js", "md5": "06e7a9c83049f81368d0951e5004984a", "sha1": "5d395e41d5f8cc47be38f2dc2d86bcccc21cc223", "sha256": "17c767c9b45d417307ea35722f1fdce93f1353a6654b79efbc3365784c2ed8ed", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-color-min.js", "sha256": "17c767c9b45d417307ea35722f1fdce93f1353a6654b79efbc3365784c2ed8ed", "sha1": "5d395e41d5f8cc47be38f2dc2d86bcccc21cc223", "md5": "06e7a9c83049f81368d0951e5004984a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/anim/anim-color-min.js", "sha256": "17c767c9b45d417307ea35722f1fdce93f1353a6654b79efbc3365784c2ed8ed", "sha1": "5d395e41d5f8cc47be38f2dc2d86bcccc21cc223", "md5": "06e7a9c83049f81368d0951e5004984a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-htmlparser-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-htmlparser-min.js", "md5": "66fae03911b2a222969bf07e889ceea5", "sha1": "cfcf3d8c761834654065f3b960e49a47caad42d7", "sha256": "fea5f896cad21746308ebba17aa67e9a5ac920aa2c28daf44efefa5834cd996c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-htmlparser-min.js", "sha256": "fea5f896cad21746308ebba17aa67e9a5ac920aa2c28daf44efefa5834cd996c", "sha1": "cfcf3d8c761834654065f3b960e49a47caad42d7", "md5": "66fae03911b2a222969bf07e889ceea5" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-htmlparser.js", "sha256": "fea5f896cad21746308ebba17aa67e9a5ac920aa2c28daf44efefa5834cd996c", "sha1": "cfcf3d8c761834654065f3b960e49a47caad42d7", "md5": "66fae03911b2a222969bf07e889ceea5" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "canvas2png.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarCharts/Jit/FlashCanvas/canvas2png.js", "md5": "4c95a8c2071e0d5b4ae1531a790f1492", "sha1": "bf718eabec7db5ec3d867185e97f032dc2cc3b95", "sha256": "ae8196c09818e2a4206676e815ee85fe52036b3d9bf827fed3fa37c4857a5b55", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jstree.wholerow.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.wholerow.js", "md5": "1a20961ea0576b8f28cff061452a2c1e", "sha1": "f00e7c0b0fb593d634e53228174aac6ca3167ca8", "sha256": "e0c568eef70fd899cda53420649779b374796aca3def0fc8cb189d3807fe6fc8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_nb-NO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_nb-NO.js", "md5": "4613df46fdb2d0c453a4bde97be3b7ea", "sha1": "378d322b2cc24f9b936c82b357b9b97bce910840", "sha256": "86e8552b8d69e4c4f3fb25ec25c9cf0b9b5d0c5f0de7d4b8bc783428f6c7a270", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/emotions/editor_plugin.js", "md5": "98cba02e33fc108024f3e993be0b0b62", "sha1": "4de3213939a26035afeeff42dde3c32c1727465f", "sha256": "2f82915ffc9ff1041b38a4a0d30f6dd2866ebad438b5804583b6e04ae821756f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ja.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ja.js", "md5": "e6b4af4d80f07b99ff8a56ef27162ec7", "sha1": "35dbe999a684edec56609118b46f7b375087ef73", "sha256": "91c5790416241d0561847a2266095bcd024270e144814b0ba632590f71dba475", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-NZ.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-NZ.js", "md5": "a49681a233be9c0000d439d9b51f4bbf", "sha1": "0478c338f400001e7f1e0116d7a63aa44861539e", "sha256": "9abf1258ab181f9781fa047f912476a09aefb8c76c14e29335ac54311d877d7e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "highlight-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/highlight/highlight-base.js", "md5": "ad63aaf5077cc39aaac135c270c466b6", "sha1": "f42a4e1974aecb9b59e52130671b9df3ea7927f5", "sha256": "fa79c4fba3cb20b891feb250db49e6523b8c1dcaaa758c80199b6a8e16ebe24b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "stylesheet-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/stylesheet/stylesheet-min.js", "md5": "75bd882fb0e8921fa84a7ec0f7b25644", "sha1": "3f056a0ecb7493323551a3517e18f020d367a4c5", "sha256": "5f99246098d76a77190850a340b702fefc225b82930fd14452e5e837708808e8", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/stylesheet/stylesheet.js", "sha256": "5f99246098d76a77190850a340b702fefc225b82930fd14452e5e837708808e8", "sha1": "3f056a0ecb7493323551a3517e18f020d367a4c5", "md5": "75bd882fb0e8921fa84a7ec0f7b25644" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/stylesheet/stylesheet-min.js", "sha256": "5f99246098d76a77190850a340b702fefc225b82930fd14452e5e837708808e8", "sha1": "3f056a0ecb7493323551a3517e18f020d367a4c5", "md5": "75bd882fb0e8921fa84a7ec0f7b25644" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.state.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.state.js", "md5": "34626e154d87508fae63522d08941bfd", "sha1": "25b4af898d15576a7bf3563306c4ad59f11d212f", "sha256": "25cf9be07ff60df1aabf776286868b0e7a6db53cd15e84c87026480f1ef42918", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/langs/en_dlg.js", "md5": "3a2c8aed5b7579ae45be6bd2b34ef06b", "sha1": "3889bdb90a0c3c4e9fd667cc9fb90073f8561f5b", "sha256": "5adbacceae6dcb5fd8cd76dd5530289f6015ec971899307787e1da3df4659bfc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ru-RU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ru-RU.js", "md5": "7c51d7b2efdf21c94b6da574ddf529ec", "sha1": "d8a92a94c67d10a7c0eb285cbff9377a8f289dcb", "sha256": "38479690122b7e08698aa60491fe1064a6ccf730d9b4f34a63d48100853335f9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "viewPrintable.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/viewPrintable.js", "md5": "fc1988ab7e2587bdf9eafda6771a71cb", "sha1": "842ad9ecb2f641d4a8796717daa1bdb9191ac39b", "sha256": "c593517385dc99c3d69818a90d9ae323d65683d307f3e62b85ce7f059e3a3aab", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector-min.js", "md5": "5518623ec25933ee22d56485d9135c16", "sha1": "202b87218ad0d389631939a26028f73ed23824e2", "sha256": "633ad694f6cc33e81a0eb98060fe339c95a015f03c7899aae5ddc4de7ef9f257", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector.js", "sha256": "633ad694f6cc33e81a0eb98060fe339c95a015f03c7899aae5ddc4de7ef9f257", "sha1": "202b87218ad0d389631939a26028f73ed23824e2", "md5": "5518623ec25933ee22d56485d9135c16" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector-min.js", "sha256": "633ad694f6cc33e81a0eb98060fe339c95a015f03c7899aae5ddc4de7ef9f257", "sha1": "202b87218ad0d389631939a26028f73ed23824e2", "md5": "5518623ec25933ee22d56485d9135c16" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_nl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_nl.js", "md5": "49e65e77b4975ce7dd7907595bd71bee", "sha1": "9c3a82cbac7599e7ba8e62b2e59b4c1a102aa3f2", "sha256": "fa25676bf1d2335810bb8d03b4d98615e2ccb82d0852f8fdc660150f0b4a45a5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Merge.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/MergeRecords/Merge.js", "md5": "dea40da53ff129ec72062cba7808d0bf", "sha1": "2a0917321d3711363a5947004668ab397a5781cb", "sha256": "cb39e7282ceb722851f371c10407dc6a1dbbec70707dbb73dd2a5e0895ddca42", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en-au.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/en-au.js", "md5": "5d8b87c646339e05d7daba815f744f37", "sha1": "55ed25b5122b6d4d1691f86f442dd4de462efabf", "sha256": "298225aae4e5ac9114347ba660d02a2d70d5f61ffcc17e3b2da7acc080e9bda5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/editor_plugin_src.js", "md5": "cfc3b719faaeaee3352e67d393c32723", "sha1": "ffbbb827d96962c0dcfa13c482dbb9304f3a5a64", "sha256": "ea50832a5df0efb55c8cb77ea521040693e1eac2ed2145894d12d334cab9aa9a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_async.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jsclass_async.js", "md5": "d82028e460c2402da3d27799716db024", "sha1": "a55a2510daec0bd84fdf4004884b6ee396598956", "sha256": "fe2f61d80458c548f7e29271741239e15a2f3b980c37a4813849c969ad87bd0e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "stylesheet.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/stylesheet/stylesheet.js", "md5": "852609145db7129db43c8a5040d6769c", "sha1": "c27309acf8004bb4925b4c5da4aebad98669f78e", "sha256": "783d5224a914b6b857cf57dd2f319e01337ff63f8643c83d87ed42adda5cb48b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_fi-FI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_fi-FI.js", "md5": "33b781ffbdf38953b6314a0bfcdde153", "sha1": "b866e3ed9c520037875e115aa28edd7891cf4dbd", "sha256": "20e656658609124b982b6240ea76286dc242ce5cff5df8b4c45f5bc8c6351a67", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yuitest-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yuitest/yuitest-min.js", "md5": "9661219f8944c04afa94ee780d2c1268", "sha1": "c36d79827273e04c459cb986016a12491b542fc7", "sha256": "c23f4ace15aef86ee89d41fb7b1ac49d04e873b83903df4b923ce7007dd8a6e3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-SG.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-SG.js", "md5": "9cf47a101f3a2a282ceb10cc5e92a409", "sha1": "f66727a3ab1209240c28062129aa9c5aea17700a", "sha256": "4c54093ec61258a7dd41a989fc2a9c3a747974f44322fca7939b2071a7f0aa21", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_fr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_fr.js", "md5": "7da3cda9768e172755a417201cd55914", "sha1": "f224cefc1dacd6c813540d84ea1e9163f7ac4a64", "sha256": "361a74c78f2621da4dea3e7b53e07927c5c46957e50e04e7ec283257b2d56fe4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_sv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_sv.js", "md5": "117c5cb9ed36f117e4c1c6a7a830e3b1", "sha1": "6184b7d148d061558e38d8f52a8f5be75e1fbb74", "sha256": "05ae5410f5f413ecac5c6d5addeb8dc2fc34e1161c8b8ddcd2cffe10b4903c02", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jstree.changed.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.changed.js", "md5": "aecd514d53d06edeab770d0530e0e3d2", "sha1": "54f911a930892ba680b446aeba3b75596a338e70", "sha256": "fd2db820cab37bc24dd54631318c64f0e40e429222381fdb7cd47fed7fbf5ff4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sugar_connection_event_listener.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/sugar_connection_event_listener.js", "md5": "431e88e62c5a7005693189d1e9d8e916", "sha1": "bd9e9b4e694919f1b75c935f6e6a7b05d555e3f3", "sha256": "ac06f27763392de8d5aacbfb559f2fb33106297faa05b961fd77b8516669af1a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "scripts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Administration/Search/scripts.js", "md5": "685c780e9862ed6e523e956607e57457", "sha1": "24b9bfef41010329e459ab9bbe78fb3a96c825af", "sha256": "3bd848bfa3502f4385bb84f4080a93c14d6f42178c5797b4fa0c3401f00a3f2b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-scroll.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-scroll.js", "md5": "112370cfd4d1045f76964b460d2367aa", "sha1": "5f2ae339f9b044e7be245c6786a2f971c3f567f9", "sha256": "21ed31757dba50bfffea0059f7d3ec34b98fc5ab81457fc4d0b2082a9d427caf", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ca.js", "md5": "7c026e7be311f6510f707e4d91ac6dbb", "sha1": "dcc21eedf8274fe1a2613499f707bf44af02554c", "sha256": "cb998daffe92a367288a2a1467d6f98d4a1691cff7fcd7ae494a662a01a433a5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dump.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dump/dump.js", "md5": "37ee18f1f968c1bd72e580099e933f75", "sha1": "3a71df6e0e69ee7c785e3a27b4ad0c18df967048", "sha256": "826afc70216b8387d7a8a5f379d35ca6743b3b84e0d6c846245f0ac98fd83a7a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_it-IT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_it-IT.js", "md5": "f2c88849f8892a242ca695169a6e19bb", "sha1": "d59601ad5db6244c69d0a03d02567e5ec4930cc6", "sha256": "c2a25f3cf09af2e2a64cf8f3bcf5990ceb65a0022a6f46c51ef66d0df15d18ce", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "zepto.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/filp/whoops/src/Whoops/Resources/js/zepto.min.js", "md5": "54c9c5d40126e729d3eb1db81420c3d2", "sha1": "cbee54076e1f1dce5f418d62e13cd12500a6ff2f", "sha256": "9cfb903afa8a5c82d8f8f96369229337a2be8c1c980dd908168b7555f69a2e31", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-bidi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-bidi.js", "md5": "3e270080851c6e1c7ca1c5cfc5245934", "sha1": "bde54cd2b94e555825074734afe582002bc78558", "sha256": "dd1a5a9cabd098b6e7a76c80f438791fb6c5e96d713786a0c50e9d43cc697ee6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-polling.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-polling.js", "md5": "37f2b9b3084a62cbca1a65c1b15fa04c", "sha1": "d9c8020b26fa9cc5d41b2b4f7adbc6b92fdfc5a5", "sha256": "3f6dc0e3bdc94378259d8d6f94b313d3c5e49ac3a1d80e15ae08b8d32a4d8f13", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom-style-ie-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-style-ie-min.js", "md5": "f7f7311b649322c7ba9adaef514cf974", "sha1": "a9127cbb7e32160674472574eb7ca1e323d55e0f", "sha256": "679315517106c161e60768beeeb8ad218a50546990d2e4152257e2f1cede501a", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-style-ie.js", "sha256": "679315517106c161e60768beeeb8ad218a50546990d2e4152257e2f1cede501a", "sha1": "a9127cbb7e32160674472574eb7ca1e323d55e0f", "md5": "f7f7311b649322c7ba9adaef514cf974" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/dom-style-ie-min.js", "sha256": "679315517106c161e60768beeeb8ad218a50546990d2e4152257e2f1cede501a", "sha1": "a9127cbb7e32160674472574eb7ca1e323d55e0f", "md5": "f7f7311b649322c7ba9adaef514cf974" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "highlight-accentfold.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/highlight/highlight-accentfold.js", "md5": "8017c32672c391165a974c329f0b95b7", "sha1": "e4084ae381da087dea32bb1a00a1e7f1bb90acc6", "sha256": "6415434a3da4a67bb2219e398e42e6bd103424d66b761ffa54450be5707f9e0a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/lang/datatable-base.js", "md5": "b36957385f2b51ed3b7b85c4be59977b", "sha1": "2d8d86c85ecd98e35842f13338f296e67d32335d", "sha256": "41f93933321c79f43c9476145ad22cd9b099ec376bbf6fd5b566c330ecd2f9be", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "include.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/include.js", "md5": "f79a1e7eaf19882eb34f883f5df877f5", "sha1": "1db307e1a72873177ba685afb8c6e1fb2b2fee8d", "sha256": "bf9a39b5b3e03e36e71819ede171ce6c971498ce3e7ed33a15d25e97e611737e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "swf-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/swf/swf-min.js", "md5": "e5a25675fee9a2d610f515c3d857a01d", "sha1": "56acd88e673e877369914d7e59f2d09c03cd2c44", "sha256": "a1a45935199a9d370b83142c6546714c381286c620f3655f5f9d44ddea001ef0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "base-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base-base.js", "md5": "bbfd291f0a56c99d2c0550d706bfb17e", "sha1": "29033c14ccc2cf6ba7fba69f40081139e7e83927", "sha256": "160776ca9a83fd69509379ce266ea41716dca342fa404002e5142e156a76a201", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pluginhost-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/pluginhost/pluginhost-base.js", "md5": "c190eb3b0a8a63b3e46976e1c64b6a36", "sha1": "ab926c64c5ca897e091383255d34a1f049ea69e1", "sha256": "f0319def8dd090a3c95c40be8668ec145f08fd09d763169c7efdc6cae3826b09", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "MarkEmails.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/MarkEmails.js", "md5": "41a9a30c644d34f8e039e4ebf3d31e09", "sha1": "266f2885f4b5f695fafc732f8e58cf5a0d102a53", "sha256": "2709399e4d5a7e1248dfdc34c253ad4845be098508cb2f075f1cab65c85a0f0e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "slider.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/slider.js", "md5": "3862cdfa21c8b1f362d8852f17d39983", "sha1": "126916e1379a0e7a71e75469eeb33ba511135ada", "sha256": "feeacbbf71fe65f83825c802236759f3509f48be5c2992e9fdd60e361231fbcf", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "oop.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/oop/oop.js", "md5": "18d01168cdb05e6b8787e0274dd59568", "sha1": "23d940bf8bc2ba3ea22242619590c62a14f55a72", "sha256": "591f80aae341c93c4fe3646cdf5499ceeca1f20fb2a485775f0a4f420fe31ebd", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/oop/oop-min.js", "sha256": "591f80aae341c93c4fe3646cdf5499ceeca1f20fb2a485775f0a4f420fe31ebd", "sha1": "23d940bf8bc2ba3ea22242619590c62a14f55a72", "md5": "18d01168cdb05e6b8787e0274dd59568" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/oop/oop-min.js", "sha256": "591f80aae341c93c4fe3646cdf5499ceeca1f20fb2a485775f0a4f420fe31ebd", "sha1": "23d940bf8bc2ba3ea22242619590c62a14f55a72", "md5": "18d01168cdb05e6b8787e0274dd59568" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jsonp-url.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/jsonp/jsonp-url.js", "md5": "204b708475770d6221a0d655ad249133", "sha1": "bbcab8707b9d9d2e53c8e7f725a211743c57c6a2", "sha256": "fb6673ba9ab8c24d7cf3353f71e56c7de6b83001705387ea9294dbc19ff5273f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-CL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-CL.js", "md5": "1ef70de43dd87a5eff02053a1366dc6e", "sha1": "3b649c216809911ecb106b81261c54b842b24951", "sha256": "9715dbbcbee45daf5b371387a8b7a0b401f0589510562544ba5cd5741bae3445", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "TVAnim.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/anim/TVAnim.js", "md5": "77aaf58fc8825dd6ce1a0140597a393f", "sha1": "5452f015b78ff4341fbd95c3ff60af322c9d3f4c", "sha256": "9fef882e7fba51c18a107699fd21671f0269c941360ae7a1d51fe5dc27c2f0e2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-string.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/selector-string.js", "md5": "d56b396440c5283cc1fec8a60ff8e3cf", "sha1": "027569c9f4a1af7d559b098865ca95e853058c23", "sha256": "dbda313f7fd1bf1db7608dccf6d8660d927ded337bfbd6c18307a361cf85f313", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-IN.js", "md5": "94a8261d20f4822e1992ac989ac31127", "sha1": "6e429a677ef94e3ae6eb56718973426bf6373b48", "sha256": "dd4446e28c3bfa270009351109c7b6112302e7eb4feccc5f01695e917f665f30", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-touch.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-touch.js", "md5": "69ecc066b3d8aca89b31a1353147b746", "sha1": "090225f524a781e9a059b1e3884dbe663690ca28", "sha256": "98e235a67593d056895db26e14c5b46cf1e0ceb3c0bbaec24042109551fbe103", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor-br-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-br-min.js", "md5": "6ac02b6453195521d8d843d0dfb45cfd", "sha1": "e19325359eed9c0d98a4238c3c4a290633cac143", "sha256": "3cc915c2d2243003f1dc1fed9c0ce7c20d259f66fb737c1222bfde01e7229422", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/editor-br.js", "sha256": "3cc915c2d2243003f1dc1fed9c0ce7c20d259f66fb737c1222bfde01e7229422", "sha1": "e19325359eed9c0d98a4238c3c4a290633cac143", "md5": "6ac02b6453195521d8d843d0dfb45cfd" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-br-min.js", "sha256": "3cc915c2d2243003f1dc1fed9c0ce7c20d259f66fb737c1222bfde01e7229422", "sha1": "e19325359eed9c0d98a4238c3c4a290633cac143", "md5": "6ac02b6453195521d8d843d0dfb45cfd" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ro-RO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ro-RO.js", "md5": "4b2b98e2ba4120e4966009af1f0c91b5", "sha1": "2155bd521044c5932e23c204a0f4fc0163925a3f", "sha256": "76236cefd81991f9bb4ef4f96a3f33ea54caebfc2b86c34f08275b6e5f25bc52", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.gauge.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.gauge.js", "md5": "f58ac2133d4bb5ad0abc18a1bdd83cbc", "sha1": "001a703c59fae27118ee624aa44f48b0c45c6fc1", "sha256": "a86f339c5bf428d29617f154484dac585844134104ad5f710c202d56be115fbe", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_zh-Hant-HK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hant-HK.js", "md5": "2839fe4db17f170653ef0a46c7ed1ff4", "sha1": "d556f5267908b3ff0bdcc6d9f64d00cfb7b39a4d", "sha256": "2883749f4533596a7722348a2e79de9c6e98fcad6b865cac19630bf66d6139ce", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "favorites.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Favorites/favorites.js", "md5": "b1ff0e1d74c99a21689c328369af9fa6", "sha1": "4a121d8e2b6afdad42856e42450b81d0815a8c2e", "sha256": "7f623d3ae08033bb60f89013c227d65e901a2783839ca41ba3b5012817a4f786", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/autoresize/editor_plugin_src.js", "md5": "4d1cdbe307f73b4d36d1bf9b3bc2d0a9", "sha1": "6bd7c3fce7dd5fe79cbce7dedceeef1b5650dafb", "sha256": "ade5ce29cad0c8aa3aac243425f3d344754901efbdfb8face946257be4621d99", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ca.js", "md5": "1da9a7a9c3376ac5c5672ff496792aa3", "sha1": "804b5de4d802ae0d935d815ce30668db1aa292b4", "sha256": "42c100d59566a35e5503c9a562748d892227ddc8b5d168f08828b7a95b2eb16a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/lists/plugin.js", "md5": "3e428f2f1e35356c1ad5dc197764fe6a", "sha1": "08da0ac40d7d091f03516a28d96b1ea3b6a6333b", "sha256": "8affae8166a53f08b78f6782434f42fbdb39cd221aee642709be70a5b31488cd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_fr.js", "md5": "ba19fc52c771d72fc2a19eb1485ff4fa", "sha1": "b55728712b0f84175660bf3242d569c6f0104df2", "sha256": "18e98f837ac377336fd564bff0c8166a9168544f963de22362c673d6c1333e2f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "collection-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/collection-min.js", "md5": "b5853da0d9c8703e67d9a383df145e9f", "sha1": "2f81ffa3f057001482273afc98369aed873b670d", "sha256": "86c92de33b2e1b60ecd48f0ec9836662fd16ab41f2e29248a28fb8bae7674947", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/collection-min.js", "sha256": "86c92de33b2e1b60ecd48f0ec9836662fd16ab41f2e29248a28fb8bae7674947", "sha1": "2f81ffa3f057001482273afc98369aed873b670d", "md5": "b5853da0d9c8703e67d9a383df145e9f" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/collection.js", "sha256": "86c92de33b2e1b60ecd48f0ec9836662fd16ab41f2e29248a28fb8bae7674947", "sha1": "2f81ffa3f057001482273afc98369aed873b670d", "md5": "b5853da0d9c8703e67d9a383df145e9f" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-list_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/lang/autocomplete-list_en.js", "md5": "c045db0a0f123c257eb004c2ee5b3c9d", "sha1": "e097754e726677dc196eb90786b008855497622d", "sha256": "7799fc132d6405a422390013fbe2794a6560b938c1305197f3e020e07b15424a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery-ui-timepicker-addon.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Surveys/javascript/datetimepicker/jquery-ui-timepicker-addon.js", "md5": "b6ad4a032a5ffdf1281dce85be39d1ac", "sha1": "76b7bb130182a7e2e2cf66caedc796d2778bf3c2", "sha256": "9f55d4a7b192849980532a343880b424a64b6b0bad65de50274ae15621022c52", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "get.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/get/get.js", "md5": "4b9feac7c1cf938fe81cba66436fff63", "sha1": "88fc040aa21a7ce0c07893468fdd6faafcbacb7a", "sha256": "57f302f40611c49c12c447c98e75421eaac2c1f3281e41eecd654ca0b3f0da3d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "highlight.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/highlight/highlight.js", "md5": "823d9e34927727ff56e5c8edcc44fe70", "sha1": "3bd966dbe032b407a096811ceb4b65a6cc09fced", "sha256": "424a4257a710dd388b844beb0d60170a30fffbdbb7a14a9a525caf97b6a7252d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/tabfocus/editor_plugin.js", "md5": "d3e5ef7a1a203516af0d8fdf94952fd2", "sha1": "0e618b0154d02b022b0d6d2d4aee366bbd1bab64", "sha256": "3aa2e7cb54763e11b767011c06792a46147dbe2debb34c91f15ad9970750beb8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_it-IT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_it-IT.js", "md5": "5a8a42af4b240592e50397b9648746eb", "sha1": "5297c700820109b9263413c7521c19015b5d13b0", "sha256": "bf0eb26f334aae3180b09f595b05be2628ca0f905258472b45bcfef5414b26bc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "swfdetect.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/swfdetect/swfdetect.js", "md5": "974f6328eb05cc24c379ed7942256950", "sha1": "2dce3d0015419f9119e95af28b1699e0cbbf95ae", "sha256": "77d143be2ab0e4b663737fe4c87cd444e49c9b1da73edb716fd00413f592133c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/legacyoutput/editor_plugin.js", "md5": "b732a86187723cd9cc32853d67730061", "sha1": "1b9293017878e20fe48328c451865a8edc5e8b5c", "sha256": "601fb2c0276dffd01c9ac8bdf0c93f32d05671f3528dcdc2811fddd3a0839f52", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tabview-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/tabview/tabview-plugin.js", "md5": "5b4ba0408731a329963c11b0b41e89c9", "sha1": "861442e22bf6037dbcb2ddfd24041e96fc7b1221", "sha256": "65961a961317f9042b6be008073eb6642732758b605fc71cab6979ff404eb07e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "license.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/license.js", "md5": "9b5c798584a7ae54703dcfa2d1bb991f", "sha1": "5ade9fb870a78d75df06a1ba18971df6ee3af467", "sha256": "e407062abc6e87383771b737b46b1b26bb59b3a904c5126ccc0986d49416b338", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "base-build.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base-build.js", "md5": "9dc877585177e7d59b0f5efeea9b08de", "sha1": "793cbd57c7c9acb8b273563679dba8f7ee9c1d3b", "sha256": "d0fc71c47f1a5e46ef4ec89ee9f4405da93785f8cb11a78863c2b2285b7f99c4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_fi-FI.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_fi-FI.js", "md5": "a2e7945d37b6961e2d38bdcc46c781e0", "sha1": "6deda432184e60a791f9a071938514225b69adc3", "sha256": "98580ac0547931605694b82edeb61374d85ade730d141f8066e3b3da30f41986", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ca.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ca.js", "md5": "4831bf5a77627fe0a58b7198ccea90ce", "sha1": "24304c20c609be3b04b09ee6a1501c633b2bd132", "sha256": "788503621dd15ba8f5b2b2f0075b95859c72b0a82be5a1d6ab824d596c84350e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "selector.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector.js", "md5": "f0f708f21525398e7df7efef62810f97", "sha1": "a37f45858fb037436f72889f70770247ac80a5f1", "sha256": "f720ffae7d74616fc732988b9a30224b81943efdfa35f89cb49263ad36e044f0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "classnamemanager.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/classnamemanager/classnamemanager.js", "md5": "b205d87cc557b170385c518be61da6af", "sha1": "015f7f2022c43b68973c20a599026647560bf5c0", "sha256": "b0df4fe08fb411f69b9a8c042b77801dd8d414572b2c579e922ad024cd29917a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/preview/editor_plugin_src.js", "md5": "6f9c3234dfdc0f62b713e8771f4ca5dc", "sha1": "4c8cd282e1fc76656a8e93054bbeb07749e3aa8c", "sha256": "57546914ec8f78bff53880558fad70cf8dde0242b05690593d451b27cd6fb566", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ru.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ru.js", "md5": "2efd488d183a0dde5abb767a4761fd4b", "sha1": "75b2104a6266d7ace0b6c172f222ce6c1b84470a", "sha256": "61b044ab2320394b9132382ab6c1fc953785964c73a9cf1b162d792ed2321ddc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/sl.js", "md5": "3d498fb64afed71b179add929242a49b", "sha1": "b8f92e8cd503a061a893149ff560652228775d1c", "sha256": "1e672a4d9f88a5bcb7972f1463fcdc77ab8e4f7dd0c28345419404b25277d133", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-PY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-PY.js", "md5": "4086f1719e4cf8d2253442bfd2b3f6d1", "sha1": "fb3c96768862264bc1ed166b3f3e57254e6390ae", "sha256": "d6ece00e6e2f0cc1b23ec33f90cc40e3d9f62d7d4b306901ce56c37b9dec2d19", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/print/editor_plugin_src.js", "md5": "076722d31a5b000bac61bceaed6e5a66", "sha1": "b762a58aaae2586fbfd1af6e22aff4853b188d70", "sha256": "8f4096e49183b1311113f7d13545ae6b941546d01bcbf8d5a342a532dd367490", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/bbcode/editor_plugin_src.js", "md5": "f0cfc36c75dd1980661319a6a3ffbd41", "sha1": "73518d0916f6215c482cd79310711fe076c426b8", "sha256": "84b75c4d5e004bb980e86462248ae79c413df5232e7d4ed545e59917ebab81c4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery.js", "md5": "819fb9d29c24f79d34343e9f182aaf24", "sha1": "e6807a82e519ec302992eefd2a0a1145679645ed", "sha256": "629668c029fa8081c641bfcaa64bbc1f671c652ba89c1f29cf71e1ac05804cf8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "1.6.4" } ] }, "packages": [ { "id": "pkg:javascript/jquery@1.6.4", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.6.4" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-6708", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/102792", "name": "102792" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "info", "url": "http://bugs.jquery.com/ticket/11290", "name": "info" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20120206", "name": "https://snyk.io/vuln/npm:jquery:20120206" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", "name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" }, { "source": "MISC", "url": "https://bugs.jquery.com/ticket/11290", "name": "https://bugs.jquery.com/ticket/11290" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0" } } ] }, { "source": "NVD", "name": "CVE-2015-9251", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", "notes": "", "references": [ { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/issues/2432", "name": "https://github.com/jquery/jquery/issues/2432" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "info", "url": "https://github.com/jquery/jquery/issues/2432", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0481", "name": "RHSA-2020:0481" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588", "name": "https://github.com/jquery/jquery/pull/2588" }, { "source": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/105658", "name": "105658" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { "source": "info", "url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "name": "info" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20150627", "name": "https://snyk.io/vuln/npm:jquery:20150627" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.5", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0.1" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0.1", "versionEndIncluding": "4.3.0.4" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1", "versionEndIncluding": "17.12" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.0.4.0" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.0" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.3", "versionEndIncluding": "7.3.5" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2" } } ] }, { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/contextmenu/plugin.js", "md5": "d15915ff3ac4fdf5120b2ca6985baa88", "sha1": "34d6f5ba7f2ef0ab914caa3baeb1015b3e2bac1c", "sha256": "dfd4912f8067bc5c7c2dc776d1544d97406b0ba4f3dbf606a4b9e4d1b3f6b6ef", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/advlist/plugin.min.js", "md5": "6d203268ff6a5d95cdffd26dd3f6df76", "sha1": "2dea2e8b7ff9105336fd25b1c806c5a606700457", "sha256": "ed03753f856b75361c96d4c09f1f69503fd5e9ef6bf17b81bbdd10c0b4b65bd5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ListViewHeader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/ListViewHeader.js", "md5": "a74d18ab45171fb85502d9777c6404d9", "sha1": "72d3ae8358e3169648906b6a791e3f975986efad", "sha256": "6d114ab5c881d6b3c47fbbda8c4f0409bc47d4eec0086011b6983c237e65d313", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "utils.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/colorpicker/js/utils.js", "md5": "c783cb08bc50b4cff0a107ec2f147613", "sha1": "ecdd32d3b2642c34eb04cde6f6655d65237e5bf5", "sha256": "9423a510a35aafbb6028412f1bba8d96b784c881896742179f25c550e521161f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "de-at.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/de-at.js", "md5": "f7642a584d60e59fcda53402fce96b46", "sha1": "f18e32fe5f7988a793f59279ac98d73992ebb634", "sha256": "6d85faa1595b2d53e0700cd067a0c85fab28098e9d6930b1f61451ee1942ade6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dom-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/dom/dom-min.js", "md5": "4c0fd9fe7500255ae347610e31de4449", "sha1": "bf1d45bf1645918f24cbfd35726a65632ead2f66", "sha256": "3f52a9ad4df498eba07be3e7114f01a250c9b04f96fbd290988b7b931606d71e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hant-HK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hant-HK.js", "md5": "b3bcc8627c00842303679d3e5e13adbd", "sha1": "4e5ee051e0f9019f041b56c98786c3445154d3d2", "sha256": "5e43ecb731bd30b50cb4c741d6e4d60a4be128f1f8b21f1e0bd2570712148c91", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "paginator-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/paginator/paginator-min.js", "md5": "c2e0fa46bc14662193df6358d440e90c", "sha1": "44f13a88440c004f164134ade620dadded7eeeda", "sha256": "0b9e85b1c98dccc094257f4a02b2e3c4a8a60fc7872b6a5831bfb32dab1bac4a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-PY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-PY.js", "md5": "891d02505f42bc6b06860d5f5940be7d", "sha1": "7dead7cad75f48ace251eccb60939d17e48003dd", "sha256": "06cbe1dc29cd5dc418b0e562055d6c68ca743d56392abd39a2fc9d375ce9e244", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/layer/plugin.min.js", "md5": "3828a4555da924b1e7a387b799a4e429", "sha1": "bec469242bef5acedd8729b6a8161238d4015949", "sha256": "53fd6853bcd687e326292c404a00b4a088672ea8122d896c7e19f89798cfc9f0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ar.js", "md5": "49083b2960acbc4bba3e1caddf4aee78", "sha1": "73df15118aa4c87374063d8e7f1837809f9487f6", "sha256": "5ede292ef40007b2d12683c1caead09190edbd124bc34cfb88661c9ec67a8e9e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_tr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_tr.js", "md5": "32ef35af90e9979d0375a890a1b07322", "sha1": "98882c1ba924bd617d5e55db57346081a5850055", "sha256": "f2c15c7813dd1c4ba53e83361d24009da4e6339698814e37ec4b675d3f6077cc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-UY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-UY.js", "md5": "05819fe0832e13fca15d41100439d700", "sha1": "65ecb83833b0dbea77811587166684ac164d2b40", "sha256": "fa4bd2ae31fdcd094a9ceb3877c8ec6f3afe56267ac18e05f88699358b6390ed", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-VE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-VE.js", "md5": "2e32ff14bb008ace748fcf7273422797", "sha1": "a93d4a525ee14fb3d29b2f01590fe78ae8159303", "sha256": "f6f3c1d4aa80d51c3da5abd39f4867648ed6411c9f85d77acfec306f61e16100", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_vi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_vi.js", "md5": "41d1371654b1654247b56aa949d0b155", "sha1": "b56d24b5145c50e78b8eec3e113941911d97bbbc", "sha256": "cb2054c2d611dcc46f2d63cb75076733b4f83bb955df1c1be12ae387c5635196", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "nb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/nb.js", "md5": "c8ec771d05fc9374c47b6945790fd847", "sha1": "cc3d3937176bef5ca24510a51ee692a0540c983c", "sha256": "f82f46f387dd5ad09e8bc9e771a77269e010a2d11bc59100ace34fb2a181e0bd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_nl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_nl.js", "md5": "c815de06a79e9d81821684f5c784971b", "sha1": "5d13b55cdd7c36f6c0bf930212fdcce237151074", "sha256": "dd53a59b5a8266dd2ae2e67a99bf470ea48b5d76978890ea7918245c9a635923", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "User.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Users/User.js", "md5": "430d6a4d4b14300ea4c6c3592601fa6c", "sha1": "de767ce25948dc55d51ff31df7b0c5974739d247", "sha256": "ed8700bb1c5e6560736d81361d389155e1eac22b94138fad0f8ab433484dba7f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "lt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/lt.js", "md5": "44fe71ce9d407b5c5ec89dadcc681a1f", "sha1": "4486cc695f27dc1f1b56deb584f1e3038fecce2d", "sha256": "76434fe73025bfbc6aa41e3e4e85480b83703bb1f2dd6984286b119b639ffe74", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "TextNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/TextNode.js", "md5": "736fa145ec95723013aaf44d3f17fdbb", "sha1": "fe84b336ddcc21ca20de6a81a8913970b71438ea", "sha256": "6323d06a1578d59426044acd0b92cadbdc11e202452346ca2557c45258447889", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-AR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-AR.js", "md5": "35031f96996f3336263d745f6a57adac", "sha1": "0e7ada57f798fb28263739c40adcc496c5a2b0a2", "sha256": "c96fecf1a64ad18eefc83ed78b3aead53add2b64abed4ff53255dc8877270130", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_sv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_sv.js", "md5": "ad8d9f49e616aa49714bb9f830f7dd57", "sha1": "b8ee419b110765c87c5d7d129ceca0e65ff2fca4", "sha256": "50079a25398f8c9caaf89f9cf36600d9b0ae5f426e2bf5d1c5c9b2b351befe11", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-EC.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-EC.js", "md5": "a86a3a93e6aec89c56ab7bcbb65c8033", "sha1": "b515711c32422b01809f62af1696d8cd3c629226", "sha256": "92dc40dcdbc564bf396cbb9cd96fa067f08b456c19d84af24e5e37e2b0336794", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_fr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_fr.js", "md5": "1be9878ee571cb38c090312b9ffdbead", "sha1": "8d1574379e24c8fa2a6ea9977c4b09e2f5c84387", "sha256": "cc505c52f474fa24b54c90bbc59a4893850ce45d0fe1b25912fb089d9ecae487", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_tr-TR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_tr-TR.js", "md5": "dcfaca315bc4b2183f52ffa8ee277c02", "sha1": "8691aff79088e9545175a2c01e608e7a8b5116ea", "sha256": "49eff9afd38f7bb7ea22c890e5d962445c18f1b319af8a23dd5b603db177807f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "arraylist-filter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/arraylist-filter.js", "md5": "a5e26ccc0a9fe07caf872aa8f75f8811", "sha1": "c309fbb283285ea1651a5cc5c86e1f23d47cd39d", "sha256": "45e1c2f8a924140addd681a61b93afe3382534657acdc04826fe5ba0a21e5436", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/arraylist-filter-min.js", "sha256": "45e1c2f8a924140addd681a61b93afe3382534657acdc04826fe5ba0a21e5436", "sha1": "c309fbb283285ea1651a5cc5c86e1f23d47cd39d", "md5": "a5e26ccc0a9fe07caf872aa8f75f8811" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/collection/arraylist-filter-min.js", "sha256": "45e1c2f8a924140addd681a61b93afe3382534657acdc04826fe5ba0a21e5436", "sha1": "c309fbb283285ea1651a5cc5c86e1f23d47cd39d", "md5": "a5e26ccc0a9fe07caf872aa8f75f8811" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "tabview-base-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview-base-min.js", "md5": "fcf32dcf4ed65e212cdd0abc2cc1179d", "sha1": "28bf594db111ae16e1321670da75e76ea032cae2", "sha256": "a7280bd9ac5777439f1ee2ddbb6f440d3ec9ab2ee680fbdb8202c1806940d82c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview-base.js", "sha256": "a7280bd9ac5777439f1ee2ddbb6f440d3ec9ab2ee680fbdb8202c1806940d82c", "sha1": "28bf594db111ae16e1321670da75e76ea032cae2", "md5": "fcf32dcf4ed65e212cdd0abc2cc1179d" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/tabview/tabview-base-min.js", "sha256": "a7280bd9ac5777439f1ee2ddbb6f440d3ec9ab2ee680fbdb8202c1806940d82c", "sha1": "28bf594db111ae16e1321670da75e76ea032cae2", "md5": "fcf32dcf4ed65e212cdd0abc2cc1179d" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "media.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/media/js/media.js", "md5": "2ce7c9267fd634f34a2d87a2a6202047", "sha1": "830534563f0e4e46d23cffd0979fd58889cbaa79", "sha256": "856d8a5e48874d79fd79e6075d787bd69e64365bde56021937142c5cabf3e737", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "studio2ListDD.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/studio2ListDD.js", "md5": "9a720dba2684d8991a583c1c6312e102", "sha1": "38b5d2090f59cff8f6513c88ae201f85a3c270eb", "sha256": "a6dc120b1026278311049e12683e40baee8d8b85b1fab433800f1e41d46789d4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.rose.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.rose.js", "md5": "a1f76e28ca3a5967a7f16e72c9154bb1", "sha1": "19fefe852da9277d445e2c27e210cdc879701b5e", "sha256": "72458e5d3548a6be1b47821559cde4bcaeee498b0d3796df1e63c03cb41c3ab1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_pl-PL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_pl-PL.js", "md5": "8f5dfcecdcbc63a4d0158bf1e86c6de5", "sha1": "b3580c8208c0ad73a2831b15e4e65e00cfd0b926", "sha256": "e820ca0e40d7cd586ef54bb53e6efbe88e7b8175394abb59b1bf845e1c7be6fc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fr-FR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_fr-FR.js", "md5": "1f49eedb5fd9fbc05d923e3deb038cd0", "sha1": "750a0dad9cb59537e93d3fb8a1c482953c0aa298", "sha256": "a3c9893f2559eff3319203e4e29f36bdd95271cb461098170c8fafa094474b01", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advimage/editor_plugin_src.js", "md5": "009b379ce06642840f3124613afc7653", "sha1": "a2bc699a93e9d251a23b868b95b01073585ef249", "sha256": "613d5a6ca14534b00bf2ed01cc23e373728b7bf3fb9a8ae895c598ba86028777", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_nl-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_nl-BE.js", "md5": "8bae697fd23074d7fcdbff6f7fc03db1", "sha1": "33822a360c56f5bcfe8333e5a31cd3c32e886b38", "sha256": "52c9f00830945f827c6c2f1b301baa3271a2874fe8b9dca1934eb876ecabd4b4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-PE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-PE.js", "md5": "9c7eccfeb95428a7df76790e5e77f27a", "sha1": "8b22383f85b69a7ed1673d4cdda4178a387ddf6a", "sha256": "4f79d1583f832f058426aeb9440139171313b941033bd7cc161913683a7a6549", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dom.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/dom/dom.js", "md5": "cbc11f70c62285bcb55ed4dc9d3e6735", "sha1": "4891d997f6630d463539a5f9eb88d56b21e7eddb", "sha256": "747f67c5d24cd94ff6bdd2b8f209334be99440189140509360a1e1c4914723a8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_da.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_da.js", "md5": "a183a068b717aa71188618708f8a2ab4", "sha1": "c59f732d6f1a5bc40fe42c1eec878b6f7c9e5b9e", "sha256": "c1213230ad98506591d29c064188bc3fb158ea9be7b3d626dd16c524fd7ed227", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "no-images.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/no-images.js", "md5": "57009215d0116883f11512d5729fa1c2", "sha1": "eebdaddca683b0a9f04b82cbacc692c86cd0739b", "sha256": "4b830b4ba1ed93632ce7726c86c590cedee71c28510026099672ba16b2843088", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ms-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ms-MY.js", "md5": "4b9d964ec8ca13feee6cbe87facd7f94", "sha1": "47ec741d125d485994397dfbd44cca2de38f494a", "sha256": "f3b1e8da2f4f59a4aadb366bbdc39d33d87ddda44217e8f208ffbbb770108c2c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_es-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-US.js", "md5": "f3055fb84a3fc6251fc0febc3e0ebc4f", "sha1": "f1dd95fe98d51af13f56e01b4b2d865f5b633920", "sha256": "b5c299a5d6c43e7ea660a3135ea4926bfa8d8e339a6e075ec5345144251173c0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en.js", "md5": "5b0ea65ca9479736a52c1c0ea00da8e5", "sha1": "5efdb9b2e6a63a35a0a135f725029c0897640106", "sha256": "b276ad37220713aba1fd8dd36a454a56ff7890123d16aa3db278dda59e24e4d8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "siteConfig.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/install/siteConfig.js", "md5": "b54510b226d9ed23211f577964115324", "sha1": "ab80c9667e6a94dc1747cc2ef917c8977ed17d5b", "sha256": "3620d6727d0ce6a0437443793603d0ec2a92628b0125f3174c743586b6d8775d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fr-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_fr-CA.js", "md5": "a0b84a7bf96df3fd30134fa30f3509ae", "sha1": "f5e469f164bd02234a37045062f42c7dd13671ef", "sha256": "eee5cfbbf746768e1efe6de90486844f07ec938454b31dea9f1972f475ebaef3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/noneditable/plugin.min.js", "md5": "bb61e71f10f6eaac6b8d6babbbb7a5c3", "sha1": "dd94c44d2ea928bfc5b5dc33ad38b827fe92ad6a", "sha256": "471546830c560c3bbb05ff1fe1c86ccaa1f6a7b1eda7534ee1049ab18ea44311", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_pl.js", "md5": "37106ef755481b2da420b8a7705b7b13", "sha1": "ba7312990f8f5804d8ccd7a7dc53565cc1a79467", "sha256": "ea061ca4b399641abfe8a011424c15d8ce19b22b8865aea4b7cc3078117b82ef", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "text-accentfold.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-accentfold.js", "md5": "d020d799c3c93e04349a1d435ae223ad", "sha1": "88d2f5b45ef662f67c5840138aaccf17b0c1f1e9", "sha256": "62421b058521f5f87b38dab7f20023bb1d26921dadcb469afb57d5b5984a9c1c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "outro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/outro.js", "md5": "41c825f2a240023f7619d071b6cf0ba9", "sha1": "b1f146c3157e6486d1e66716213b247b173f2bdb", "sha256": "5afe8aa33b5c6a18e842d89d08a593719406b7050fed27c8b247dcf90513d4c6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype.js", "md5": "298b406e64af70f5b1c65bb357961632", "sha1": "f4f05762bc170a31f6bf2af3225c97ef57ef1b66", "sha256": "1157ab684e038ccdca71538266f4a7fcc4af6df896ac5f0648e9f0ba42293964", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/wordcount/plugin.js", "md5": "e91a15eed4ef0953a05dbf113291ba69", "sha1": "a0bd047cfd9327f6840f57c576c8900c7c11a326", "sha256": "f461929739460002929de04ab7a9dab398924c75c2a4a11aac1b3a3668651775", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/lang/datatable.js", "md5": "be7bbf31f89c6f8545ae991b447fbbd6", "sha1": "62f3b2a54e890dca6ac096ec3b9ba762292e25b8", "sha256": "141381d24a47b177b874bb814ed663f8b02d6fc7c0520d90071153d7280dcf7a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarRest.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/service/utils/SugarRest.js", "md5": "37424213bb5cd5025f41a434f58911b6", "sha1": "4c30580dac648f4d2aeb7ff5a9dd471add758a88", "sha256": "9d8041de490ca35c9f6a25ca76903b93b8b0d54db3d2c16e50892c9aa0239886", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/legacyoutput/plugin.min.js", "md5": "65d0db722602c2974ff4c8c5c1a2ad77", "sha1": "6e85beb165fa208b4b206a14cae6cdd5ea21d5f5", "sha256": "47b4ddb198f19c2ca0a485f1eae47d7fb5179d55ad899c2390a67da9f8023e3b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-US.js", "md5": "bf08d1ce1e9d17c937104512707c2cfb", "sha1": "587eec9aa57b5d7d0e3a4cf14a308fd2fb9bc8d2", "sha256": "a99c191034d59a27feaaa43d9b53ef693832cc58120c35cdba5c71739fbdc77f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_da-DK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_da-DK.js", "md5": "e01eb0fcb33575acd7657176cb736c91", "sha1": "103b66225e133bf16bc11d3e5f60124bacbf03aa", "sha256": "38571e24ae079495f048dd94f0743977e4ac21663ced0da8f026f629de7b2044", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_nb-NO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_nb-NO.js", "md5": "071a1a488d93357e8e6700dfce9044a6", "sha1": "e750d82513b405ab0c4d59e8deae1e6c1bb5b96d", "sha256": "967980b0eb69614f8ce28bff3a41be615d3ae3d346eb380be70b411f74aa26b4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "misc.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/misc.js", "md5": "73e45458aa7ff80f00a48cb14865cb3c", "sha1": "c47dee1fd0f4d250d3503293dcefe2844b73a2f3", "sha256": "670b5d57ffeac636e7d4bb4f82229a8d582e8f10a4208c7699f3ba3bd8c2c430", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_it.js", "md5": "f1a886bdfc2872ac17939922455f79d4", "sha1": "4ae181ae4ff2e65933bdf6e1ec5488da12f806b8", "sha256": "81123defdcef7cc959104863a6094d249ce7c596040314934e75c46d0f568a94", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-delegate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-delegate.js", "md5": "29d95c720aca0d1c0ad89c7edc0ac751", "sha1": "7531e1130e31eb7910f6c4943e7b71e34fb89422", "sha256": "382e64b73953b0332e6d52fb6cd8d8cc3b2fc054de814c411d518bab54bc3cdb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "scrollview-scrollbars.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview-scrollbars.js", "md5": "bfe24a6252027d6953fc15a4a8a8dd0b", "sha1": "0ba1e417d4088146b35dca65c6437bc6d78b731a", "sha256": "8467b6b8dde4f76d3c699222bc64205e24cae6bd2f1f9e85b65026946e6d0f23", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cache-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache-plugin.js", "md5": "aa17ce6345b3f2878573224e16b58d9d", "sha1": "78433e25c818901a4fc62ae7b257c703f1d552df", "sha256": "4e32f289d8c30aa41f97989b8c530137e3892f7dddf161211e852fd1e27cab5d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datemath.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/datemath/datemath.js", "md5": "a94ea0d1dceb5c04a16da86a11632200", "sha1": "e5fcd5fcbb19b3b4f8978d6fe2f30627d15b1fe8", "sha256": "7a95553a6e0462e62f1644b6a3c62901aba1d9b2b764ec0ff5fe398d95ae8e91", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "loader-rollup.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-rollup.js", "md5": "621ffdca48af20fc9209e347fe3756c0", "sha1": "4fd0779b13b7ed71f8706c96644cf93561d98ae6", "sha256": "35bfa831eb30840e99a585fbb8743cc1f042b61b74eb21ccc5fa832b8a7d53d1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-CL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-CL.js", "md5": "b4960108e0b9a39b3a40b4914bf818b0", "sha1": "f445d373c4dd539b98a81c4ed94c3e13cafc7bf4", "sha256": "aee5ca61449241166ded2ea1d52b566ad0aeb761a8fb614f7f07d6a3690c1f52", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/pagebreak/editor_plugin.js", "md5": "8be3376740c886fa2842d2f4eb282bbc", "sha1": "471ca2b306a79eaab9a662a9f19db75b7cb997fc", "sha256": "1dd02282d756498999c26d82b07de046fd38b239da04f18666de87a2a7fb06a9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SettingsView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/SettingsView.js", "md5": "324f5e17b0e5f1d8685086117c85cc35", "sha1": "af1ce3e2180bf0bab91357cf9281b5f1cb1d674e", "sha256": "ad756325f896a3aa0b465e0c52c7f7f3b7ad90612e5cd273647a3a7caad66cd3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ConfigForm.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/HTMLPurifier/standalone/HTMLPurifier/Printer/ConfigForm.js", "md5": "81ff3120ccb99e82f434d0afe908c890", "sha1": "e646e4c2c4f7f6028f48baab7b43d7eb5269a600", "sha256": "deb7e0be0f21b4cc8ce8247ee3b7711fe3f3d7c69c3f69bfaad879d3df845def", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "moment.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/moment.min.js", "md5": "03c1d3ad0acf482f87368e3ea7af14c2", "sha1": "a8ca7eea2616fa92e2e85ba6291af6ea012fd190", "sha256": "4e411c99fe4a486db34e801a53392ae86f8659eccc438944b5a062c9aaba25be", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "layout-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/layout/layout-min.js", "md5": "8586f41a0d8ce653d8708a38c0df67fb", "sha1": "b3fa4057a2ee8181edd5e4d742d3550e7990fadc", "sha256": "f7010eee549972383a019d1b962914c445cfe476d03dcc7270700b2a559e1d24", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ko-KR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ko-KR.js", "md5": "50d02185b275d4b8011a66cc8cae0be6", "sha1": "94585653b20c81d54cc37637a18b510c56b03b21", "sha256": "879c13e19d7cec776f04a99218f7681bb3f2fb9d8da6687919be4029c16b0f08", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "transition-timer.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition-timer.js", "md5": "0ff28b903c7f8c38ece81e14a983d344", "sha1": "d768422461e67ef095f86369156aee6f2722b365", "sha256": "9b2c7aa2744f114af32e6b5322c010f193959ece0434a0b7dff1c9cfa627c44a", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/transition/transition-timer-min.js", "sha256": "9b2c7aa2744f114af32e6b5322c010f193959ece0434a0b7dff1c9cfa627c44a", "sha1": "d768422461e67ef095f86369156aee6f2722b365", "md5": "0ff28b903c7f8c38ece81e14a983d344" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition-timer-min.js", "sha256": "9b2c7aa2744f114af32e6b5322c010f193959ece0434a0b7dff1c9cfa627c44a", "sha1": "d768422461e67ef095f86369156aee6f2722b365", "md5": "0ff28b903c7f8c38ece81e14a983d344" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_id.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_id.js", "md5": "595d7f46550594ad5942c054605e12cf", "sha1": "73e88fa863de3b2aafe1e0eb65c947d59bfcfe5f", "sha256": "0b1a9bc7bf3e6b14fbbfa1fb3239ecdef30d813f8a876f12d58c219c6e9bfb02", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_hi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_hi.js", "md5": "0b6a8daa898b6d2159cb25cfe6432f14", "sha1": "a839c0993f0b8a9b8258352523f150c11af645df", "sha256": "6fc45c1ff59fa281aeb6ccedd1c9aa3fcc0659d282d59175ccaa19e9213e6ade", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_nb-NO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_nb-NO.js", "md5": "70d6f033bd9d8c06e7e94d01b5d326db", "sha1": "8c0145721263cb5f6f0fd6b82b78f4bd2988d0f3", "sha256": "7f8e90cf796c5696e070c0babf472e36352498a2856c7ffca5551145f6b832f1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-MY.js", "md5": "b20e3d3d01b8134a588d67abb0f73cb7", "sha1": "86bff73d0dcba5319952b03faec076af3c34343f", "sha256": "afbd1644f56ef0445a8cf162e55cb6f12a1dfa93048e32c65288eaa7278acc95", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ajaxSubmit.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Administration/Search/ajaxSubmit.js", "md5": "9a9aee40af2f24cad0c7c0a2acbb9e5b", "sha1": "fa33ef3e1ae8c871674bb650f6be97b1984a1bb3", "sha256": "460b3e49975cfaec001577402ab6dd6a27f9166ef18742419d03c5af3e020086", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/directionality/editor_plugin.js", "md5": "e2d925fe1e778dbcade06d55164fc276", "sha1": "f350af99fdb522598d40abf94bce819f1564d545", "sha256": "adb55c8769c983b054a73eab2c42cfad2b98f995485593d9210998c229523b06", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/autocomplete/autocomplete.js", "md5": "c27bc6a9802f09626fde9528900635ac", "sha1": "61fb4b675d6fbd91551cefbd01b525aadde682a0", "sha256": "5bec387aca005e15b1c8572c8c3fc3f0bf2dd0097de769c0b1a8920bf40ec5cb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_vi-VN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_vi-VN.js", "md5": "76b960cc8aae0d2e778f1f422cbc7bf7", "sha1": "e5e2f2cc26c3c2b762be96bc01bbebe0a0347c2d", "sha256": "1ed7fc84dcdca7909c9bf6f6f88b8ed6344772977cc9a098bf07295f06569bb8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_el.js", "md5": "f9ab929a3cbbc316b6a8806d852301c8", "sha1": "ecc99631499b2e58c9adb995a23166d915cbda1e", "sha256": "428f91c13cabc08737b2928c63e058bd94abda17b7b5396d784a43e421cdce2b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "HTMLNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/HTMLNode.js", "md5": "84858f719e9b3740d1c58991b0f50d44", "sha1": "24eb871005742bf50d3d8202572be7fdf520eba0", "sha256": "20454d1b1080d3d4239e91218cff8c14cc4dbcba7c16dac1befad9cdd2de9864", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ar-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ar-JO.js", "md5": "07899c395963f175afd30efc08dae0d9", "sha1": "bdb17e409e8c9be7af237741e379e4ea90becbb5", "sha256": "1eb02a707090870d81a6def0d952d744a59b833742fdb4d319007d889c8a0ea5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ko.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ko.js", "md5": "b28559f32fa4f595b3fc6e37ad3d3214", "sha1": "85db14de63c4fbccddd46aa603ab8da61435b06d", "sha256": "23a9bfaca50f4959f6945f0b42b0bca91e8df96547b27d7edf6c4db7280c24c8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-drop.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-drop.js", "md5": "1d66534b5eef459a0b3b159eb82e8901", "sha1": "8f7d61123fa530580e5d33a3dbf5da0bf908aaed", "sha256": "eb5e4068eba99328c8eed1aa9edd95353c485895d43de388a6945ace0e7d9e99", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "hu.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/hu.js", "md5": "b542a29a5271e4ce17714fa66c142f5b", "sha1": "8af096d9501cc85e5c5c944bf07cf216d8e479f8", "sha256": "59aa96f3b31e7d05212709cad4943795b236753823eb11644da000a50b30db21", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_nb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_nb.js", "md5": "6801bf5843e7e6252e7056b9422253f5", "sha1": "ff2ea36d672331f80cabfb0bf66996397bf33d4f", "sha256": "e74f54f12f22030dde497d5c67885af895175e5096901ced55d6b005fe8cd6d5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.drawing.xaxis.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.xaxis.js", "md5": "27591eba70c3ffb4e5772f3433a29200", "sha1": "d9f960fa3fa849a94a530980c680eae0b4762d31", "sha256": "ab1366cda04e22d65412b8b574154720cd52f39ca130557934f6d26d4f55bf39", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-GB.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-GB.js", "md5": "1f2fab54990959b2de467e4ca606465b", "sha1": "c2bc51208c3be56ebd3221d24be052566ad653e9", "sha256": "66e89f803035821ab918f5aa3018747fe5db31bccf09df05ab89189766a05359", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cookie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/cookie.js", "md5": "7af38cf3ca7f4ee3649f879f1602042a", "sha1": "8d80d67fe4487ec17b2889564e0794411cccf3eb", "sha256": "8af79cb8d9b2bfc5bde32e9ef12654972cf4a5710d22ebdd779a061f87e17f9d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/lang/datatable_en.js", "md5": "1d6b8e5105e491744f751265cd8e2b3d", "sha1": "8a310f45a056800ab92cf5df98b95f40ab9eedbc", "sha256": "d1fe94289403a73860be15c9eea2d381228aed239dc69b7abb1105fc4ab8bfb9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-PE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_es-PE.js", "md5": "ddd0d22ff289e65df90cbc59da2355ff", "sha1": "e24ff8d00e03fcec0bf256b32e3e0d5a4ec3b209", "sha256": "d06bb5a730ef766135df1ea6884487287d7ca9f4668c143d0b36f29d3fc21604", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.tipTip.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.tipTip.js", "md5": "b340651f39d839f9d4ff98978ea3ccbc", "sha1": "42796c1682104aa111adf4824bfd4fc2652804ef", "sha256": "12cc8d41245fa8edebbc08fe985583b753d9463957fe3cb857e875fac035cc5f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advhr/editor_plugin.js", "md5": "d0a03059205455e5c19cf3a845a0ebde", "sha1": "7142fab581107323897e64aeda8572794ad1f6f4", "sha256": "f008302f1de2321e1f260ac279f10f97cd1613932aff87ae2efa50de58123d1f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "actionLines.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOW_Actions/actionLines.js", "md5": "de3626663801a14f67f46649d6983fd6", "sha1": "55f97f512481871493db75a61fbcd661c40f87d0", "sha256": "8b5a0da8800a27d7768978d97c73a0cd7bd73dda3f307bf1b55744b02751f77a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-plugin-min.js", "md5": "df632a66d719c7975636c8bd70a63d88", "sha1": "e8fcf8f3b7bdb1c11f84b985b7dd9dedcdc613d0", "sha256": "9f4dcbacea54b96298c43fbaefb6adbec39d11b7b3b60b26e727523d35791294", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-plugin-min.js", "sha256": "9f4dcbacea54b96298c43fbaefb6adbec39d11b7b3b60b26e727523d35791294", "sha1": "e8fcf8f3b7bdb1c11f84b985b7dd9dedcdc613d0", "md5": "df632a66d719c7975636c8bd70a63d88" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dd/dd-plugin.js", "sha256": "9f4dcbacea54b96298c43fbaefb6adbec39d11b7b3b60b26e727523d35791294", "sha1": "e8fcf8f3b7bdb1c11f84b985b7dd9dedcdc613d0", "md5": "df632a66d719c7975636c8bd70a63d88" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ar.js", "md5": "6a2df87071ea85532ee7817a05b904dc", "sha1": "11957c0c487f9feb2c219be91590afe8b39de32b", "sha256": "81c7c726b0796eaca604e0827060f391d4d8448d261da629aae64c3a3056cef7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "popup_parent_helper.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/popup_parent_helper.js", "md5": "b23246952b0f4dc0fa9995308afcd3ca", "sha1": "be096598ae6371819527eb8ff02f2055eee7e0e6", "sha256": "fd6caa30a8b2ec9710e9f24d1e5e3260285486307140d8f567baba01ba1b2369", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "loader-yui3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-yui3.js", "md5": "231d3f7831f488d406950ad94c41e5c2", "sha1": "5069ae11c1d88129b832225e3a7621c626321344", "sha256": "4d8e3dbb379de3b9c0146a3c9d899f00973e69c2e039fc75ea901e1582bb4c18", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dragdrop.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/dragdrop/dragdrop.js", "md5": "764230b82133d49a2f9836aa85a77864", "sha1": "d71c4fba507191ef86f368a1b9be045c0f46be2f", "sha256": "c1d4b9cba2cd5ac2e5822759cffc5007d2db24697f927f8386a027e3f5c571da", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.drawing.poly.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.poly.js", "md5": "ad10b73d13a9d683c79fc6ad114bb108", "sha1": "7c183754e05734ef9a66a1633dc91b4d19d771a3", "sha256": "f41ad71833ab5080ff271121f8e1a3ba745a864f2987dd8bd224a3220c88cd60", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ru.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ru.js", "md5": "32c58fde050520ad3010f7024caf927f", "sha1": "d4b5717437194cdd1fd92eae5d33dbb040ce2faa", "sha256": "a9b69ad5299a83205e3056047ae33d5979617a3d111d5f2c21e55e84ce07503b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ModuleBuilder.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/ModuleBuilder.js", "md5": "840fd509984d593cc063ba207991af80", "sha1": "c056b64838fd5b44ce6af9923dd8a092ab618080", "sha256": "1b42df436d1cb5f3c5bac59cb856f33e2cde80e11bff78ddbb9d2f0e951e0179", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-IE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-IE.js", "md5": "dea42aa1b432426243ed8d8d768e6ed0", "sha1": "0b6ad2401b5da5d803855bfd46f3dc975109f5dc", "sha256": "b1fd22c5c53fbc18b0dc3aa664672cb6e2d2098d16b83fd43c143a64fecb6afe", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-form-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-form-min.js", "md5": "e013f9a4286c48923ad4ac57739d3330", "sha1": "1540b1f939d10bb5da9574ff818493fbab231de5", "sha256": "577afc19e6a2e6e7a26320c11c2341a9051a67933a25c9915f0a160538be7f71", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-form.js", "sha256": "577afc19e6a2e6e7a26320c11c2341a9051a67933a25c9915f0a160538be7f71", "sha1": "1540b1f939d10bb5da9574ff818493fbab231de5", "md5": "e013f9a4286c48923ad4ac57739d3330" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-form-min.js", "sha256": "577afc19e6a2e6e7a26320c11c2341a9051a67933a25c9915f0a160538be7f71", "sha1": "1540b1f939d10bb5da9574ff818493fbab231de5", "md5": "e013f9a4286c48923ad4ac57739d3330" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ca-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ca-ES.js", "md5": "cef6a2d6cf3ee67a4ddd2e4e6199dc7f", "sha1": "9a1455e5cec126732f147a6d68665f96dedbd7e5", "sha256": "f6e09009c4e6bda09bc16ae2804d22e53306b34de4bc329440de9807ba5b7ef2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_nb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_nb.js", "md5": "523711b87df5378a350c8893a4c5014d", "sha1": "9f540e6dbd382d17f0e14698a721852968ab7b02", "sha256": "bebd93b6fdefb0c98922ff922012f21f36e1cc9c6870fc7c0a40391b1b7256cb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RGraph.modaldialog.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.modaldialog.js", "md5": "6d4d599966387aba1b07171857b57212", "sha1": "1e82d4072fdcdb850c4d97026b63f7b8110de385", "sha256": "331d81bbd7fd27e34a477ed0b379b1dbf4dff56e1252644f267fb8b391f3411f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-para.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-para.js", "md5": "85d5bafe11574c8b270aeb669e7f0361", "sha1": "ea331b3448441374874a21ffbcfc49753f19d788", "sha256": "1cfbf9deabaad4d129cf2557625742665a3c21217d1a96da8532bef29f4ab9f1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "imagesloaded.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/imagesloaded.js", "md5": "65760a45dd238bb8540a6f9d6e10743e", "sha1": "9d5619d0c335a45fe215e7fb9ea05f7490440575", "sha256": "477d0a88b0a9e7ac799fa1aeb972b43909ae28e3a9b253b76dc14f70de530fba", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Connector.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Connectors/Connector.js", "md5": "efd8c46eb66ea6f8dabced1384807b10", "sha1": "1bf3d612cea55c869c99784e83b0c5750c20c61b", "sha256": "3d6a620d3ffb1010c0faf91be2b27bac1e8b504ff42abd76cb1ae2edbeb74c2e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dial_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dial/lang/dial_es.js", "md5": "b32ce378b2880c5c2037f07511419e91", "sha1": "1fc77245d17a1ff17bbd90359c37640204362877", "sha256": "0309c6ce9fa2cdcace42342dcddd96e7366cd7eb0e2ca809290dd7fc6f2f79e3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom-screen.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-screen.js", "md5": "53727f121a5077e611d6cae9d75399e7", "sha1": "3ea79830b42ae7f13e04300df770afd9ec968be9", "sha256": "41ceb21c305e268fc8e305954d8b576bd767362286faa95e604167bad3fc953e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_da-DK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_da-DK.js", "md5": "9099c144578fae7d90f89f72ea116650", "sha1": "6045fb9f93644ba96b6992672aacb6e06e505aa9", "sha256": "f3039e37f01a9e4a724f644e548253c061b55b3e889055f2378d4ad515379fb1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base.js", "md5": "ab1582245082cf35eb9d0f877a8e9b6b", "sha1": "12fbc9866eaec01c10c101f7658cc4cfb3f97bde", "sha256": "fb53c45c04e0b78db9fb0ce9dac88f9fa86f75c7f345b1f746662896468b7e9c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ru.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ru.js", "md5": "96f54359ace8abd3e3c0ed033217c068", "sha1": "37c8a2ecc735b0f07e7bd41c5314e0dec08aa361", "sha256": "2d95845d73485c5a9ab549f78b06e4fc45ede106b58446b0601324697b8321f1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-SG.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-SG.js", "md5": "d7ddd92e94149135833e59cda319c715", "sha1": "0674ae863651b4b05635d0d22c321ea37d4a4004", "sha256": "5a3a9cb2b84d2c6961767839072ed03a83a41fb60784c5ae8632948ccf40de32", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/visualchars/editor_plugin_src.js", "md5": "d7fc4d8abe66664834d9277dba356777", "sha1": "1a69b715a38576281fcb88a082c91264b38cb567", "sha256": "b51d62a71d76cc832a853034e3efa43412af24415f9ac6924c2596fadaa5d61d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "main_lib.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/js/main_lib.js", "md5": "c65f6ac04c46a6e03c7ea4494f320d4a", "sha1": "b855aa2d5844aa40cf9c49b16f46e081dcc5a4df", "sha256": "42edbf10b90daf1ad1e8c521958d0ef5bf36057155dcef130b167e21f6e6fba2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "clipboard.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/filp/whoops/src/Whoops/Resources/js/clipboard.min.js", "md5": "e830f929b40edf1808f3cd9b43acabc4", "sha1": "1d48acd4e39c72825e14305ac70fe961e8346519", "sha256": "841853255d7dac40f4f492ed64915f605a2c22fcab1f8817b0a7a70f0916185e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.superfish.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.superfish.js", "md5": "717b408b16ed14f44ff7dae6efe0c625", "sha1": "683203bbd3a5c8ed9500de97f12bbeed7dea8961", "sha256": "4b0c1053b74f78725c52ebc27fba3c7844a9c61d1e4fbf964523ca25fa3aa860", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Project.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Project/Project.js", "md5": "c84fb54fa25169fcba8e128ab410661b", "sha1": "c302739ee395d4f6a5c22f0def61029bcb893d98", "sha256": "f0af2b032ea1a4af9babb40f3d3d06e5930277900ace237373ffff134b6b8260", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Cal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Calendar/Cal.js", "md5": "2ee276f5023800600265199203390b21", "sha1": "921c7da5e68ce1dc5a86a18f91e6d16a9020c41f", "sha256": "955973436eb6f8c16b5fe95f235c223a8bbb6f837f8909624d37c4a4ec324f8a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_el-GR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_el-GR.js", "md5": "c1799aa503b8784eb721df0420ea37d7", "sha1": "776890e8a69a2f890708cce20d4dabf89e1edc91", "sha256": "f8243bd6fc5daed5d61d4d459f578b8b6250b92f6fbfd12dbf1dba9ef17eea2a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "WebToLead.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Campaigns/WebToLead.js", "md5": "e64509ddd0e0ff5bc5cfbeaaae358883", "sha1": "38c4729380e7383ffb769d9d1828e81d3c065223", "sha256": "4ccfd0c24cff82772535c432124ccbb999934c43967aecdf7d0fe7175e6ec853", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cache-offline.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/cache/cache-offline.js", "md5": "78fcdbf0ba33885ad2d337977662f564", "sha1": "35c44073e00310ebeeae031bcaeee8fddf53e790", "sha256": "822260adb997b261304278a99360adeb6f333e96d1faf7d9bfe238c78e0afc93", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lib/jquery.min.js", "md5": "05e51b1db558320f1939f9789ccf5c8f", "sha1": "c72c1735b4d903d90dd51225ebefb8c74ebbc51f", "sha256": "702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.1.0" } ] }, "packages": [ { "id": "pkg:javascript/jquery@3.1.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@3.1.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "User.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Users/User.js", "md5": "333312504ac9514bcf5a3185bbaa0bd4", "sha1": "055c0b0c7909622782be17d9039991e721fe8b4e", "sha256": "ee6a7be02bf003c97a15b320e05ebcb08c8830239474de945f8a5a11f0a08445", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "escape.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/escape/escape.js", "md5": "648b749dea6f1a94c5bfb2be805ac45d", "sha1": "e0d329c4b1af053992af45e404b02fb499414360", "sha256": "3d4fea7123a053dce9c78b7793039b35a096904865d3f78188921dd37cf155eb", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/escape/escape-min.js", "sha256": "3d4fea7123a053dce9c78b7793039b35a096904865d3f78188921dd37cf155eb", "sha1": "e0d329c4b1af053992af45e404b02fb499414360", "md5": "648b749dea6f1a94c5bfb2be805ac45d" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/escape/escape-min.js", "sha256": "3d4fea7123a053dce9c78b7793039b35a096904865d3f78188921dd37cf155eb", "sha1": "e0d329c4b1af053992af45e404b02fb499414360", "md5": "648b749dea6f1a94c5bfb2be805ac45d" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_zh-Hans-CN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hans-CN.js", "md5": "04916ca1592194a96cfdb3c294427340", "sha1": "473e2c225805bcdc2889d15321c3c8cfc0e6922a", "sha256": "a5d0248096df2fd744a3333b97007dddd01cb07144c3cfa88b9bc890219bb857", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-PE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-PE.js", "md5": "41374a215e1a442c2fe478909f9dc22a", "sha1": "e13ce9be4901621062b1ff110ad04476a7d6bd7a", "sha256": "5fe5cebe6b85f7a2f6d1c3dc873d26fadf1f5e48434b46de4083751020a83670", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-position.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-position.js", "md5": "f59a013d8dc45c952cd9e8e587fb77e9", "sha1": "2665cdad5b0e5b5d94260f30ac4521639c331f59", "sha256": "c65f2042f7e51af5739f7e3926b0fa5fe8ccaa623bc65dd258dd2245ed2d0292", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_nl-NL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_nl-NL.js", "md5": "8111707718ca7645890035d834cfd4c7", "sha1": "ce8967e88782e821ccf7092e2ba8f029c015ab08", "sha256": "47f6cdc03a853f923506cc87e4ff6a69e33a99430a5dca826036ffe57a3b4f6b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_async.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/jsclass_async.js", "md5": "6d2f3226cf797a3830fb0f96a49b8b2c", "sha1": "c3a86b26c165fa2234c4f0f73ec5bdf6138bfa61", "sha256": "ea85f45225ac1b57eb4602a8039bf1aa26edbbbc76447702b3a00b08e718e77a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_scheduler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/jsclass_scheduler.js", "md5": "3064bb6e3e8b6f1131695158fd464ded", "sha1": "a8c521b4dbeea3c2a31a4e0b42bdb55c1999ad52", "sha256": "980164c5aaf0e1d5a26bd0334e7020afcdb2b0e64f5c471126004cf3cc069b00", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "element-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/element/element-min.js", "md5": "ea186bc8dd4cefd44ed463cb03e4cc7c", "sha1": "e318799bbf73e953e745c0d1c705947682532d79", "sha256": "29198698ab3c113c57bdfe851be9f06f89d2baf3b1d83e451b2adb2f24ea8a17", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.dnd.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.dnd.js", "md5": "77d42e8900cb9cb7c5892e884d8db87a", "sha1": "31f22ac920f2d518683a84947776d60f92dc4d48", "sha256": "139a000cf85398281c0cb058be89c02ac98b74207650682798baad53b6c63718", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sr-cyrl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/sr-cyrl.js", "md5": "8686e81f4856c371aa3fa51d1a7b1290", "sha1": "98fd904406f70f80ded7e3c0a9de769b2bf72231", "sha256": "c14678a234fdf4606740538dede4c12aeddc0a9cbc3d973313ebcbc57326387c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-NZ.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-NZ.js", "md5": "62f6f769dba25cc0790b2075be7820b2", "sha1": "eb66aa9e571c5cf8d6d88635c902b4ce61a26dfe", "sha256": "0870a9c36caaa450d8fb10a79cd93468f6229115d02bcd8d2f22be8d93bf53a2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-PH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-PH.js", "md5": "633ebb02ecb8b60384f5252c987c41e7", "sha1": "2517901c1570c2e04be7db1c58d73a3f07532d3f", "sha256": "48140086eebe7d0ae9166d230584a8f0d6b453029a727f80e538d71fe6d363d0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-arrayschema.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-arrayschema.js", "md5": "59ecf34837925e893d00ab44a2b9ec31", "sha1": "0df6b99ae8129ee06c9d911c28c3fe15f1db9ae3", "sha256": "dbd21b3b3cf9a85d5498b1d775d608f60c2b37b7629e66e74458c4c3b03c3ee3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ru-RU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ru-RU.js", "md5": "6b8d3f97848bd3bff9141abd8de272da", "sha1": "0b0376c0317937e80d71673f708ca89b5876f458", "sha256": "d0ac2106de27a49745f7c0977154149508c7cd411270dbfb6102fd4498ef5dee", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "resize-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-base.js", "md5": "982bd87bef4c067380afbd49d3d387aa", "sha1": "42601e339da11cb2d69d16a8410534a429208df8", "sha256": "e991f627ee6b88bf396ac4e567d626eab91a4d3977065cccb16a4aae45709480", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/media/plugin.min.js", "md5": "dae0ef90c0f191fc8f836f2161fa676b", "sha1": "062f1407564df1e2ce4e8ff3fd45e382de389326", "sha256": "fc2eb0fb385231e3b492f685ccf50fc0b15dda7399f393fd86613cb1933bf1a6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "swf.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/swf/swf.js", "md5": "b4d5adec07cdada5b3decf5eafc6a73c", "sha1": "bf8b7ef9e05c0ffd999a0b90f756db603b762d72", "sha256": "6e931d618d624c330b9213bf4043b4e43d1397cb9a3b443d7ee3e590477b43c8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.pie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.pie.js", "md5": "ed3f50a406c5c014d4ee8f4db98da6c8", "sha1": "b33a4daad2a976e0b5c31a5f5cacf8be0b06052e", "sha256": "a54557d3061f1c9e6a2c354be01dc5de8e40f1d35fedd2fda7bdb99426844833", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/example/langs/en_dlg.js", "md5": "1edfe310d7cc45357de7093b47c863fd", "sha1": "9eb14550a4482bdb1becce766bd4708de8359e9b", "sha256": "9929be48918f1280edc66793e8cd80b2870eb320d62a14c2cbe85a2522337bbd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "importWizard.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/importWizard.js", "md5": "005a10778354c443736157e34dbef542", "sha1": "94821d1458549d22341b2199affbfa55c663001e", "sha256": "0dafbca3a94aa3bdeb2b18081e87a465330f8d40b60c65360f1b7e91348a034a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-css2-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector-css2-min.js", "md5": "5bd64838b5d5b68f448c50726d80f3b7", "sha1": "15583c9472733ebed2d72897e612be53f988ea35", "sha256": "06c1696945588b2efe213d8423230ea9548b9df6d86b758c45b2ac4b9aace729", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dom/selector-css2.js", "sha256": "06c1696945588b2efe213d8423230ea9548b9df6d86b758c45b2ac4b9aace729", "sha1": "15583c9472733ebed2d72897e612be53f988ea35", "md5": "5bd64838b5d5b68f448c50726d80f3b7" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector-css2-min.js", "sha256": "06c1696945588b2efe213d8423230ea9548b9df6d86b758c45b2ac4b9aace729", "sha1": "15583c9472733ebed2d72897e612be53f988ea35", "md5": "5bd64838b5d5b68f448c50726d80f3b7" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "cell.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/js/cell.js", "md5": "5a47c494aaca13b73f0f32e062bddcc4", "sha1": "599572eb3e12f8f4ef066d415e80631bea9cb7f6", "sha256": "c911af14b2eafa6ce55f489790a229f4573b1e057b396f4d4bb327afff063ec2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-mouseenter-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event-mouseenter/event-mouseenter-min.js", "md5": "392a9c1f603107466201a277d5d323e4", "sha1": "11473a7cb97dbbc8324db345f96f4341829489f1", "sha256": "662e7cf0d999efafbd5cf3609c472b029510adec6e525c7031f8e123cdbf7b64", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "json-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/json/json-min.js", "md5": "59d3be5741942c7fca3daff0b2d977ef", "sha1": "b8a39edc1977cd9c21cdb771c43961e14732e2c6", "sha256": "f9c6a26ce3e203ceae1433c8c1618f7c93d695131a53262ff72f8154421fde40", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "studio2PanelDD.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/studio2PanelDD.js", "md5": "93a5285c7147e8deea8afc555e2e79ca", "sha1": "9e763869fbd2c5730cbdf74fe269d67dd89579df", "sha256": "bcad2e739c42742033d622a5caeaa73af416f29d11610a6a93c49010b2258405", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hant-HK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hant-HK.js", "md5": "1fd94ee61501da23849e2ae4f81c69aa", "sha1": "433e0809944180163105cff8ec2c6e64652580e5", "sha256": "21214ca3b7b973d31658c345bdbe8a6c90bbdb55d0eecb108c2cd0a44132d494", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dial_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dial/lang/dial_en.js", "md5": "28ffd7caacb26a272e456c035abf6a8e", "sha1": "a8c386d7aa37a5eaa1a948bbece653b42f70de95", "sha256": "5848fde2db8a2c296d1d998b2fd354fd8b21359d1896c0dacd5570ef5221ce96", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.context.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.context.js", "md5": "0961f969253b6e5503cba7aee78aee45", "sha1": "eebaf08732a9b1fd3e13c0c69b81bcc576346692", "sha256": "8703941a1d2bd8795cf88a49565e677fa094d60475447d9b332c5050d7dec8c7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "vi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/vi.js", "md5": "29809d9e57ce37e245882decaab4e627", "sha1": "e583d72045d82030151a6f8b113d3b3dce92d5a5", "sha256": "b10e5bee90cb7128fb051574b853b3ad2d8191fca388926090de0fe1a44afd65", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-anim.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget-anim/widget-anim.js", "md5": "73dda979e61a729d65d9fde370194b70", "sha1": "8a709f2c9bc0775f9e22230474a16531404dda17", "sha256": "5baf432766fdcbd195eedb2904967b78c211ddf9e177af99e3891a30a47f0dff", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "tiny_mce_popup.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/tiny_mce_popup.js", "md5": "5a318277fedf491a0301e177a9ef10b3", "sha1": "37ca1c0ac02a5600988500b1641c4cbd178c5bb7", "sha256": "d796f1e5f6e6aa0b98b9c11365e0373c4fa160a0240131e7fbc172d1c9e8cfec", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "querystring-parse.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-parse.js", "md5": "2db46961a52fffecef9822e8b8aee81c", "sha1": "dbb7fe090722fa43791bc99a86ed1202482b4f9c", "sha256": "4261948337486cc2547840c42106275a69e8cca8263ea0cbc3ba4e852998f82f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/insertdatetime/plugin.js", "md5": "f3d19a927832c21f8a62d75722c956dd", "sha1": "4aa5afbdbc8fd4819ede2f12c4c07a56dbb49497", "sha256": "653624c7639c2e834d1e94dcf9a7a611b32a286ae7c4d19a919c946ebc932aa1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "history-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/history/history-min.js", "md5": "543b42a00a378f4d4b6e70c81d915b0a", "sha1": "be73aece0abff10802cd03cc0c45c8073303fd52", "sha256": "b586c6b8169ae15bd861164613a9d1237d44f99b8e828f38c82dbf6c8efa832f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es.js", "md5": "e4fb4c925d9a5e37a0a573286e7b37c7", "sha1": "a948cecaa88915a9955ab3f8dd3d88e0363ceef4", "sha256": "aee7b2d9039593355769b73b8751ce42e5f1cd9ea198008858695c506516175b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-plugin-min.js", "md5": "6a0fdd74ae11d1c079a1d987a1e71fe4", "sha1": "34e6bb8af8d4fd18d0db9ed215f686da730ea4ab", "sha256": "97c75e90b47e912e2b99f71569d7b883f3e439e30887db6cc0d9bc1c51a5f268", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-plugin-min.js", "sha256": "97c75e90b47e912e2b99f71569d7b883f3e439e30887db6cc0d9bc1c51a5f268", "sha1": "34e6bb8af8d4fd18d0db9ed215f686da730ea4ab", "md5": "6a0fdd74ae11d1c079a1d987a1e71fe4" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-plugin.js", "sha256": "97c75e90b47e912e2b99f71569d7b883f3e439e30887db6cc0d9bc1c51a5f268", "sha1": "34e6bb8af8d4fd18d0db9ed215f686da730ea4ab", "md5": "6a0fdd74ae11d1c079a1d987a1e71fe4" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-PY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-PY.js", "md5": "6598157b990c0329cdc86f29e28daa3f", "sha1": "a330968e745f52e03fe595a2e976b08ba1d8c0ef", "sha256": "f8de64c4fd4c4e36d1a9c5e26990b3d6329197d4920fbee5c2be9e97b8efce8e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/paste/plugin.min.js", "md5": "d44925ab1d9a93cd17b92165164c3639", "sha1": "a93a828d7f21cdac2aac1e4f59276007bf9d2aa4", "sha256": "8817307b765a634ee83d8a6d7db3d4878e6f50ed331fb14d9f4ca7bdcb05b488", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editable_selects.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/utils/editable_selects.js", "md5": "8dd04768a81d784fbac5bb00876e808e", "sha1": "b6d8b346f4468f56a897d45d0fba13a84a16ec8b", "sha256": "8a9f3d2ba2467850890a54e579160e09eda733f3e350e330f035da16ec8432eb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "history.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history.js", "md5": "8bb73a765e9bea1fa29776e0d73eec1a", "sha1": "4a8f697d456b34feb18551f00496f8cb87ba6df5", "sha256": "6f9cdc82062a9404d7530bb2892e0279a59b8655e340a6fd28141cb6da0c65e3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sugar_yui_overrides.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/sugar_yui_overrides.js", "md5": "efbf74aa5e7d0af070ae7faab7725538", "sha1": "1d20d9c968abf850a89ab391f696d47d02141dfd", "sha256": "7060a44a6c3d05d13b9f26092c05bbf3230ed155b416eddc87bf3875a1e051fd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ja.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ja.js", "md5": "5eca3d5975a18daccd9b260783ce5806", "sha1": "07c677c23baca7ddde022af76609d07873e37451", "sha256": "d347bdc4fd21dd2e092c7f07583f5721d9c9d65aa3776f4f258279547129df3e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-list-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-list-min.js", "md5": "228056d0dabc3d59ca229c7f81dd2966", "sha1": "c157b9ce657013523d9f25a7645ef151dc6025bb", "sha256": "8b16ec7e5be34fbbfec9b24bf9d85050919862e9987b20ec9a116756886fc729", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-list-min.js", "sha256": "8b16ec7e5be34fbbfec9b24bf9d85050919862e9987b20ec9a116756886fc729", "sha1": "c157b9ce657013523d9f25a7645ef151dc6025bb", "md5": "228056d0dabc3d59ca229c7f81dd2966" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/autocomplete-list.js", "sha256": "8b16ec7e5be34fbbfec9b24bf9d85050919862e9987b20ec9a116756886fc729", "sha1": "c157b9ce657013523d9f25a7645ef151dc6025bb", "md5": "228056d0dabc3d59ca229c7f81dd2966" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "console_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/console/lang/console_es.js", "md5": "f2b81ab91595dc3eac9cfb2a766bdcc4", "sha1": "0984c33cce53521069ea433ee5b740432c0f29b7", "sha256": "35faca84a5475634e293995323c2d3f8d975dea4e99439c124ede9e1c032b1fd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "oc_convert.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/oc_convert.js", "md5": "1def5c3fd0bbbaf9ce96d26301303fd2", "sha1": "d845cd21efc0f76fe2904858c919f1682bcc7b69", "sha256": "180d2743e511c32314aaf9a7b8170d6f2f4847e8a9f9d8b23eb52b9483dc0bcf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/emoticons/plugin.js", "md5": "53e375e3fa429973f52454710687ebbc", "sha1": "9ab414fb90ebadb8e4e1a201941c7f6a5ab48110", "sha256": "dd7771ec2a14493c9aa212d32f206afe74b57b9519cb1cd52e97291c5c3b028b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/table/plugin.js", "md5": "a6f6bb42fee6777403fea1561b0ffbc4", "sha1": "57114a34557f9dbc906314003eabf06b77c59594", "sha256": "2b5f18a5ebf4f05c5644a9c05d3a23f31787ebd281b068d5509dcf768111a82e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_scheduler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/FP_events/jsclass_scheduler.js", "md5": "70d2f993bbf62c09afeab7a6d639ff4f", "sha1": "c26d7d942c479b3fddc1463d2c41b01f1e00b6f4", "sha256": "f9f03530b44b0307c2195613f670c9a56fc753d32d6e9ea3e9956c973b0a1907", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "profilerviewer.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/profilerviewer/profilerviewer.js", "md5": "a89e221e98601e5d71bfc9bffa4a3f3c", "sha1": "df9c855016e1ee3775ffd2f940728cddb7a2b850", "sha256": "b56397fc4ca00a3244ce6eb5a8dce708321fd0f8ca4287e1396d2a9bd806485d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "license.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/phpjs/license.js", "md5": "a13c8584b8c04a59d9d8675b6565c516", "sha1": "68c5f68c0815b8b21160b1935598a7f5a1f59a0c", "sha256": "60854e0a0afdefb0b2c21478708dda315ea17bc47e054ec5bd60c7e7bba14219", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_tr-TR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_tr-TR.js", "md5": "b3928f2270d82df5e50e8593631bc454", "sha1": "0643047feae395133c971079fe56baeb230d43f4", "sha256": "1e7cbbe6ad0147ace4f3b2d5620da0a1fa3379ac617ec9dd1915a0ee62252d99", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_vi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_vi.js", "md5": "86e705e7c3053c3c97551e6e428f7e33", "sha1": "a9fee5217d78d64c98c0f511d0c608302cc56498", "sha256": "346434a0e36ecdb42659133156b03e900f830dd970b8c9828c82d8bc3c33550f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "calendar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/calendar.js", "md5": "83cbebce52a5bd5f577c60655a9c5c75", "sha1": "cdfaeab5283b9638161ce1c1b3e3649fa60b7b1c", "sha256": "2623d821f5e9aa57702b011e7b090eca165fadcf8b6236985e40b118960a4077", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yui.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui.js", "md5": "8bb7e692facb28d1d9ed44df49884104", "sha1": "9416c4c6ad9eed5fab57732e1f6837ba81dabaf3", "sha256": "de51731c22e56c27f30d13b7d7350bbbe63e73bf8363b58a14fb74585199f0e4", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-min.js", "sha256": "de51731c22e56c27f30d13b7d7350bbbe63e73bf8363b58a14fb74585199f0e4", "sha1": "9416c4c6ad9eed5fab57732e1f6837ba81dabaf3", "md5": "8bb7e692facb28d1d9ed44df49884104" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/yui/yui-min.js", "sha256": "de51731c22e56c27f30d13b7d7350bbbe63e73bf8363b58a14fb74585199f0e4", "sha1": "9416c4c6ad9eed5fab57732e1f6837ba81dabaf3", "md5": "8bb7e692facb28d1d9ed44df49884104" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "colorpicker.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/colorpicker/colorpicker.js", "md5": "8141c139ebdff3a34a09854d804b7682", "sha1": "5410c1c679c57b77e66bbd9033f697db3b07faa4", "sha256": "9dc24a8f1894fc11005001a1a173fb4dec7f4187f2fe2424a95670c548652d68", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "rls.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/rls.js", "md5": "65ab2ec233568be44da335686752e4da", "sha1": "6ef4e10dfacba5160c2e885b92d702c6929d2847", "sha256": "05c4a6c04efb6097416962333b581a80335d794b8f37290c3cdc0c81902fb0ea", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "nv.d3.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/nv.d3.min.js", "md5": "faf359a29dd581bd8f288f15ea24d063", "sha1": "25249613b132ff52b704f6f52bc52a1b06bfa64a", "sha256": "0ec70f7ac9519d96d4a814bccfa73f574a3b3a8c2646eeaa449ccea68033fe7c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "style.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/themes/default/js/style.js", "md5": "3fc55a445298f79d4dfe119da3fa6ba3", "sha1": "761e4f010d5455056cfc107f8156ba030708c042", "sha256": "c6148bc4fe172060466a3395489c0a22c68a797052e88f0ed5170645866c1017", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-scroll-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-scroll-min.js", "md5": "e39afcc12f9d416bd62c35a963e053c6", "sha1": "6aabeb5e9c1d05213e1ae780f84de73256b5ec5e", "sha256": "a16f3d9c212beb7c128b63ee80e858c08ab851431d2b05f446a1de6b5e7e493b", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/datatable-scroll.js", "sha256": "a16f3d9c212beb7c128b63ee80e858c08ab851431d2b05f446a1de6b5e7e493b", "sha1": "6aabeb5e9c1d05213e1ae780f84de73256b5ec5e", "md5": "e39afcc12f9d416bd62c35a963e053c6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-scroll-min.js", "sha256": "a16f3d9c212beb7c128b63ee80e858c08ab851431d2b05f446a1de6b5e7e493b", "sha1": "6aabeb5e9c1d05213e1ae780f84de73256b5ec5e", "md5": "e39afcc12f9d416bd62c35a963e053c6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "lv.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/lv.js", "md5": "246735df304e4625464103fe7ad9c8cc", "sha1": "f3189396715d551c0d4cef24fc481fabc8d61fe4", "sha256": "67b51d75776ec87c81ca47015afb8ad9a10699d3b7646dd4ab448f1715990669", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "installCommon.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/install/installCommon.js", "md5": "9884428ef3400c245c91f8834074ba35", "sha1": "6824c63a2bffe6500da42ac075bed689725e16ff", "sha256": "299cb7415bf96c10cda0c06b9341eeaa13b761517dd57eace957bfbe26ff3a44", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "validate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/utils/validate.js", "md5": "2d73c0757ea622f65738ea71433ca8e4", "sha1": "7cadc94b5a25465b7b3b584f31c63ec4a4d8ece6", "sha256": "18d3235a0de63ee6eff68260ec4d3680f82209d2f32875cf993fe9b6a23e27f3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/es.js", "md5": "c5ef2eaf5199610cce4ecb0c97682ed9", "sha1": "bcc61d6e6df59082564b3424adbdfa39c5ed4aeb", "sha256": "5c5439812b7fad16a772eb80751ab8faa84fe9ffdd17b0b357b648a084399486", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "scrollview.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/scrollview/scrollview.js", "md5": "c056719501e6210b9f5d90c6722d1ec8", "sha1": "546e75fe210579d388a9d429b6237378a8b483a3", "sha256": "d467e3fae7d72a12c528a59b339b4c474828725bb21cd0322c6bcbc32a06bc6c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "report_additionals.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/report_additionals.js", "md5": "baca991df446eaf401dda47d1685fad1", "sha1": "1963f12fac114728c872df1823bb6ff0ccc0e0de", "sha256": "83d589b08b25c4d537df0718516a7fdd92557f1097770b076df768873b06e5fe", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/datatable/datatable.js", "md5": "6b455d887cae2e123caeb6d0aa889a6f", "sha1": "220a331c51470689fee7cc26fdaf0c82f592ca5d", "sha256": "76fe6399238ea1bcbeb321ae8136b21252e1045d17f8b0d3bbaf826082814f99", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-CA.js", "md5": "2471f72548244fb485446f1f3df535c0", "sha1": "e518c00b63163ee876bc7a968b7ae622f7c5fb95", "sha256": "1e478567e2aee66e98dd8839ccd63523d885e8e1a5eef8f7f43117e014b686b5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Panels.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/EditView/Panels.js", "md5": "1cf769920e0f8da1f49075ef630d15a0", "sha1": "1a8db270636079159ea169c073db554e1724c789", "sha256": "4f8ce33dd217cc9208ac287dbc2745e888acf552b1df9e1e625d23af640c9de6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_it-IT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_it-IT.js", "md5": "23a8edfe9a9206956d55482c67965ef0", "sha1": "413d629941a4e73c15d99bbd15c03acf24abdd26", "sha256": "fe1ea62107fb546d8e6e1c95803e690d76f9bd029d1c5a56d0aa655cd7859313", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "studiodd.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Studio/studiodd.js", "md5": "e2990364363b0ae2df8972275bb462f6", "sha1": "1f8b119a52958f1225dc51e8ec87e6a27887bebd", "sha256": "3d597874481c365456923c6fa41d2e0d69d7577bf51b8a65333cb15f8360b1c9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.qtip.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/qtip/jquery.qtip.min.js", "md5": "d1b21ed511484c1d0d2906ca11cc4429", "sha1": "1e5ae532cad925a368cd50cada22a3d18581df10", "sha256": "ede9f88fc42c7c736026301e85c20cbdbc8434c8abaa92df2da81c51002fe703", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.mozaik.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/jquery.mozaik.js", "md5": "5e26c3004604aaf2211b5fb9838a19a3", "sha1": "d11ca7b316ca7c9bbc9f195c53163138f8d51d4a", "sha256": "d5fd28884b83d01f2a9e0b2af8b64cd74691c3e8e240e949b4361a1247502754", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ja.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ja.js", "md5": "5e0030c66ad5d229ad9eadb7c9ec6e66", "sha1": "5650bbecc6fab266cde1cf177fe965db858b208e", "sha256": "35bb27f55926c068edd50f24df11d7cc2af1cc8aa0a7a59e596f4ca0e296242f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Contact.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Contacts/Contact.js", "md5": "b07c7f5a384cc679132e682bf85b1218", "sha1": "19dcb379bc0f755b84e31b6e1ffcb0a936611728", "sha256": "338794d0eadf80d58ccf9e57163d9ed03df8a40d6ecd0cad398cb5732b79f859", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-EC.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-EC.js", "md5": "4b83a8b29005fb3b89364b06606bc6fd", "sha1": "7be6d7361a3e452ad43b2827719696b3333e64c8", "sha256": "c4ddf44f14b72c72ea118239a5dab678d919e3b31501db2b6176b4cbcabe9ba2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_template_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/simple/editor_template_src.js", "md5": "95f31d4238d5ea2e17001288c3aae536", "sha1": "42383e3905784dba33fda9b679ade01992944fbc", "sha256": "cab7d43f9547e46c0804a516ddf99abceac61db8ddcde9f3d2f1b5266d911a01", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hans.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hans.js", "md5": "3ff7383a0ecb9b2c54f7c07f7a50c2af", "sha1": "94f55949e4fd8fdf1066fd7593a8def7a0bc9a8e", "sha256": "9a9b6fa9b96232be0949ee217297621464d3d95fb4d670ef7766a52bcb7aea9d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype.js", "md5": "7efc534c807e0f8e51ead1ef4b0855fb", "sha1": "7ad6d0abf501e37e8be1d6ec7b4176d96999ea5c", "sha256": "30a7c33fa2b81a12c76e98a596e53ddc6b16fac7f7bdebd4a7cfc8090c985e00", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "imagesloaded.pkgd.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/imagesloaded.pkgd.min.js", "md5": "caef420227b349cae08dd0f92eb90c3c", "sha1": "cd9e64270abd6b7a2ccecac8c2b62b071c6720f9", "sha256": "23bd7e5fac741d9a4b7cd4572ab0df7556b4dd610c67e3dfaa852d28812b4250", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/editor/editor-min.js", "md5": "ad31e132ba7b76b905e0d221af8cf196", "sha1": "5de06ff86b802eea44315191f057edbd7e1573d3", "sha256": "3fb1db7997d4bfa3253ef15d24a776f3a4900a74af1d1c51bd92c1a29a1269be", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yuitest_core-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yuitest/yuitest_core-min.js", "md5": "a6023df24fb560d2a285d258710d8a37", "sha1": "e9e37d4ffbacbc4e1d353dab8814571832aca4df", "sha256": "b066fe2fea1911b61a61a92914dc7cfa87858785f326e5b221082cf4eec30c61", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "base-pluginhost.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/base/base-pluginhost.js", "md5": "c9f59b75fb1576a3e86601a54ab15642", "sha1": "2667839dcf2fd370cf7d8e87092900cd8aa84004", "sha256": "0f4b7fa955ca909f167504e74fb6b85687adcc3911550454cee3de7b8fb92c0a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dpSyntaxHighlighter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/assets/dpSyntaxHighlighter.js", "md5": "afac0a8fef175387a081dbaca19cf59a", "sha1": "c65143d737a96159ac5fd6d94558a6e419ed0c59", "sha256": "1f7d62f811893f7d6dbcfaee89c451f53d098c207ca022a3845755a8c2393b63", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "old_php.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/old_php.js", "md5": "2fe0ae79de6f48fad20393054076e82b", "sha1": "ff9f5d0de0f432757147d8e4a54ba191f9161f05", "sha256": "59d3ac8225d15a724205e07016a40ec4453632c1732e831335f7c266ddd40025", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_th-TH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_th-TH.js", "md5": "4134577b14cbe0264a517657158c23d6", "sha1": "98a65b0a0748969899ce3aae38d2cd4c0db490ff", "sha256": "a2ead90fa8c9c5c42c44cf5eb136e84fd5f18c755c4eb8b3b85ecc992dc11f9f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "querystring.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring.js", "md5": "fa8eec1ab28304fcb0cef5caedb1a52b", "sha1": "599d6309eddacdbbd99f9e72916e465474de2d2e", "sha256": "951bae609776f5ed32d37306d6403961643fe89f0cb970f603bfdb7aabc2a309", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yql.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yql/yql.js", "md5": "e1a2b802089686337415bcbdc54c23f6", "sha1": "11c79df5f94e4268eb3c25ee06a9373826ab421e", "sha256": "cd0bc577c9b1c2ed70ae87bec0230c463082ff4ae9f99a0c2cce787de8a10de8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-custom.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-custom/event-custom.js", "md5": "1dc7d11fa054a35c919fbb8f08d43938", "sha1": "bf9ed4f1d141cf36d555d9dab39e4f7acca3cdd9", "sha256": "979b40dd885c634721224daffc074aaa09159f342edf385081044e7450376862", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-NZ.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-NZ.js", "md5": "6c5882919f047e587d8330d8e0488759", "sha1": "6927de6c9f2c9d346c0027e0b3e7490fe08856a4", "sha256": "f7ba9362930222e799fc7dffc87ee53433b8976b311abadd9b9952086525abb2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Survey.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Surveys/javascript/Survey.js", "md5": "d0d5c63b482c8d17ba2386a4897f0b6c", "sha1": "d15b3be3f1095e3c991805f8f222a475836d5509", "sha256": "f321fe22e7e62c0678fcaab82ce23ae69026ee10f71486d83e5160035028b884", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-PH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-PH.js", "md5": "a13f2e9c2745afb49fd921668b2cfe4e", "sha1": "7620fb0b2241124adfb9be2ee170706126b1e423", "sha256": "2e65ee5959414f4c037953c85786e44a4d39778483698826de1980381440cc54", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarRest.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/service/utils/SugarRest.js", "md5": "29dda181924ed3000e275500af7f1274", "sha1": "0b3575fcb9a43efb95dea5b4b107a177255ad129", "sha256": "e7b03ffcecc5121accca681094ec8f80241102724d0fe372a8f214d9bbe1245d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/save/plugin.js", "md5": "a70ee9e056eaf3272a2efea4c57bbdd1", "sha1": "0fe9f12b5044dea4d4e7c3e96115411a48fe9e23", "sha256": "b8a73da60c8ac176784901abe69dab0fd68b5ec8d8d64146f6576ec91c2ae14b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "calendar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/calendar.js", "md5": "7a4aec6b762f5179c6507e20c9e1ea6f", "sha1": "d8835ac795d91257bf5692a9a23a8b71b3eeb7ec", "sha256": "4267f1d3baa8e7f00b2d849ec59664f9e8e5caa2c45c0471cc759a2e4491b6d2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "fullpage.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/fullpage/js/fullpage.js", "md5": "4f8cb53b624ca8fad19cbaf5487678cc", "sha1": "c381c135796fd07b09dd08b16e7624c03f824c04", "sha256": "89cd79e374609672fecc88e4e539e87dcb1d561c44008fce90d37eec8c58eb1d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "TaskNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/TaskNode.js", "md5": "705d97683a5d0f9ed47ec82a5b3f94e6", "sha1": "2b70544e7169247df3011384b2736df948ab188f", "sha256": "7c7caffc10ff5ba1db831e8d9c761c1522b165bd1d2e0f9d8011bb0ad260ad32", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-JO.js", "md5": "2bf558ddc0c00f36c6a8992ce4a2bc93", "sha1": "a10f5663365d87cf635b939c8017342d166746ec", "sha256": "ef79270542e019b084744120f239cfbe99dffca8b028d2acef4a7967ee2e62b9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-highlighters.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-highlighters.js", "md5": "0f982c57865af61535b943e26e5abf61", "sha1": "fce3e3650cf421bd87a8bc9a10e4758136ec7ba1", "sha256": "952579c108d14ef2812bf835a599ca7b179ea375cc0c14191c4afcd632bb7111", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "TreeView.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/TreeView.js", "md5": "938b1c6bf4d2fedd1811eadaa7036801", "sha1": "f3fd4eda3cf0d113a6a344b9cdfdcfb2d1a65f21", "sha256": "13a9c93564e72eb4edbbb790b401bf5d3349a34b73e999782199f8c5eca07377", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "resize.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/resize/resize.js", "md5": "f854d2433be9c750ff6a2139aec2e609", "sha1": "ea39cbb52a02f3ea0c3e5e8dfb2e41a3a1330c63", "sha256": "8c4ee655e1342ad14ac4a73a1793ee7a46d35b549705f5d7d298b300ba05637b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.sort.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.sort.js", "md5": "d6d8b602876637c458cf23c946b47abc", "sha1": "d6a3d3afcd8b2e4de751b998fef49bcee1785651", "sha256": "367bc3bc749e328940c9930295e1b262633df899d5af52ea954ac5497e38c02d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "text-data-wordbreak.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-data-wordbreak.js", "md5": "11789b43509530874a37925950fe8ca5", "sha1": "51ec60a2aafa83efe82bb9bca0bcc7142e5c880c", "sha256": "55696aecc55e34f54f91e977fdde815a62d3af05301ecfeebef8cda37724f199", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "quicksearch.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/quicksearch.js", "md5": "07f7cd351d10036af4a7093677b4aabe", "sha1": "f3521299e94a59a8ca85e7d453e553cd6fe82df3", "sha256": "d457d9cc13bc23d30d1c4d289f9f76d0cf77d2562b90df91dc1ca0e722eab31c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-resize.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-resize.js", "md5": "04d3b3ba90b0d8df7576ef9cfeec27c5", "sha1": "702c17c421c78d1f855a36f4409effe72a04368f", "sha256": "7e45955fe606e653e23b3d2c2436714c3f1065e7039424761ea3f734378fb979", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-IE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-IE.js", "md5": "9345cbf84b16e81a93d322407cc6821a", "sha1": "74a76852e1af751e7687485366dc6a6c11310172", "sha256": "a52b2fecd7d94025ae3bb9efc1e9a78c9964feb6fb9a9b4ae8b1c1dc23829d17", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_zh-Hant-TW.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_zh-Hant-TW.js", "md5": "3020796653351b37d9ffe427dfb74cbb", "sha1": "03cfabfb39772006c5a31be4af47c030911195bf", "sha256": "2c317f093081e67fbb757a9f10cc7c738ece171e66507ff96c058b81c0e796b5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/searchreplace/langs/en_dlg.js", "md5": "fbd47078679d87b541479000589ef4c9", "sha1": "0d1233cd9244cba802bfb8de7183bbf53a9964a8", "sha256": "8ff853ecde3a698cba7a6fe821a17f368c6a9a4a641b7e4af761f408ad354eb6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-delegate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/event-delegate/event-delegate.js", "md5": "b13d4b19de027015344102ceef33bc10", "sha1": "8941b837f60da3ad0a26367ed0b379a879edf853", "sha256": "595703b355d45a8931662e92ad1936f6e1c5512eb6f3b9f64f70a8c14091dda0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "conditionLines.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Conditions/conditionLines.js", "md5": "e80c394e97e31d96222f49932dc1e32c", "sha1": "6aaa5f305d8f323f240646660df543699075b770", "sha256": "651008a3a7e2106fd59197b303a9ccf1e61a95e34a7f56bbe33a6977526cd452", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tinymce.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/tinymce.min.js", "md5": "5a1950a028deffdf9dbecb70c98a15c0", "sha1": "7fa068095c3f46abcbad431908339e568a91c0f8", "sha256": "940c7adde466d369dadeb69fad17b7f4d81b89751cfc3fe014057dfda86d994d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "tinyMCE" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "tinyMCE" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "4.3.4" } ] }, "packages": [ { "id": "pkg:javascript/tinyMCE@4.3.4", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/tinyMCE@4.3.4" } ], "vulnerabilities": [ { "source": "RETIREJS", "name": "FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.", "severity": "medium", "cwes": [], "description": "FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.", "notes": "", "references": [ { "source": "info", "url": "https://www.tinymce.com/docs/changelog/", "name": "info" } ], "vulnerableSoftware": [] } ] }, { "isVirtual": false, "fileName": "datatype-date_de-DE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_de-DE.js", "md5": "b84389375f04f66d1814271c159ac39a", "sha1": "2dd888cc0bec502f9e551505f7c1afaea6faf381", "sha256": "626b4d1ef9fe8e5004ca93bb609e5f0fbe03004743f1bd90232e99d1993a2d81", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history-html5.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-html5.js", "md5": "7e13367319240e490222daf0cc23bc16", "sha1": "358b1b071182526b532925964d0b2666723746a5", "sha256": "60708f6e106e9ac28e6e2080ebd0ca9d1f1a1180fd63cdd619d9820e8c388179", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "widget-skin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-skin.js", "md5": "dc03d1ec00ce76d09c575b9b0c71dc78", "sha1": "3c9971f1156a51071e9ff1ad1df2de1267258cdf", "sha256": "785addf5995ea9f075780c0f2a8496c53d0de8e5075d31128b620390cca5823b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-US.js", "md5": "efa70c425e5e05f371643d42471678fc", "sha1": "28a3fe85b50adec5d9718ddfa1777f5da6b26ce0", "sha256": "f28212c8bfaacccca31e03eb18636ec1eff95549e192e77cfe9e3d5c6e1c27b9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/autoresize/plugin.min.js", "md5": "12d81fbdb55cfa03ce8d2c7333c14c6c", "sha1": "1f5e71561a66be0ca80386b1dc84bafb3aa29b96", "sha256": "80f5432f8289407b1902afa8587c87f16c84c0aa8b4ed7fc713cc8971df82e44", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/media/editor_plugin_src.js", "md5": "3df4da1a08b6970232a0944c0b57597c", "sha1": "711726318210f6e2128341d110fb7473337d1447", "sha256": "cfbf56fd99d8166ba6881fde1fc32876c2c6e9a359bf5cc93e8c11e363c98be3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_da-DK.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_da-DK.js", "md5": "7328e272ad2dcf7d3fac55776ded64da", "sha1": "9a5d5bd288f59b27343e833af5dc89813980ecf8", "sha256": "7e48ff9f34e7076857aaaff798fee3dfe00dd719fb583e19c801220d260cb66b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "TVFadeIn.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/ytree/TreeView/anim/TVFadeIn.js", "md5": "036c5e47e6c096f468fa30288b9c18fb", "sha1": "82b26f9661d5fd0103d226981a13888a69580190", "sha256": "fb7a6ffd61caa347c4a197a7bb7d0b56d0940a76b5f707f1b011ff179644050a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/layer/editor_plugin.js", "md5": "4e5fc1b467c19d79dcf6246ba3a63cd8", "sha1": "0c1d56dcebddfe1b09fb6f122e13970441d209b2", "sha256": "1a7738deeb430b55ec64b908c69ec29f6687f3fe9f7702c78399fb49a6b9e0e0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "twitter_feed.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/social/twitter/twitter_feed.js", "md5": "e467b2ed82deab62aeab88dfea18ac1b", "sha1": "68ade387cf93bbb02df86586bc03e3e0a22988fe", "sha256": "0ba82fb0e1e611f7dd32084b570bbcfa00a2221b98c820b96151437c1d26f52a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-AU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-AU.js", "md5": "21c638e192d6a59e8c1c074c8781b150", "sha1": "6931394a000aa3a213b79ec266b472e92378dadc", "sha256": "b0c6e349a79fee7066a7ab6a1476ebc602b8853a7507ff8e5dffd80357c6f755", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "recordset.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset.js", "md5": "9da3a2ffba4225bde02cbc0b926c9eba", "sha1": "db3ac9e309302a456582e93b281d587a3b58d0fd", "sha256": "97982c95fd8f4d3e5a19110d5124dd232e7cfcaaf1296d691fac93beae9cb729", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/bbcode/plugin.min.js", "md5": "0e2d453acd9b6f77e05b70ed37334d3e", "sha1": "d63b09300b0ba54e29bfbef6790c626274b13905", "sha256": "71f9a1c94634d029263ab86a240484fa948a572a2ca04c1cb9393a1d1403d4e3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "popup_relate.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/SecurityGroups/javascript/popup_relate.js", "md5": "7579a87bd17a42988d7cfdb1983061d3", "sha1": "fff4ff811b879778bc5911cb81cb28da350e37a4", "sha256": "3f792933d8a4442c0007962a39f34c16e785d74c5b246fd3b2f41d509e325048", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarYUILoader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/sugarwidgets/SugarYUILoader.js", "md5": "abc59adf77cf85c0424dbcb6c356bee8", "sha1": "2c5c21990b3f4e7c3d40968055865c74f355119b", "sha256": "e9176488f355e4c25ae368c1c0d2ce2d685b59d3652a16f1bd885caa584217a6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/visualblocks/plugin.min.js", "md5": "9799dd341c8ad1495fbb10532582e760", "sha1": "e4dd01381493ad802c9c38b4a1c84347a3b3b51c", "sha256": "0a0f01b9607dd3e0acbde63e7716938e2e6a9471515241aecf2d17932b768029", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "del.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/js/del.js", "md5": "fcfa58f9928d42abbf5bdb5cdb002dfb", "sha1": "a938cd33affbccd9d1a254ed490de94b42bc5899", "sha256": "10a6a389abe34fcae8f8ad7e2afa47dcc1051319d96b7279b7a65e1354ec859c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "register.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/install/register.js", "md5": "5aa3f9efe4f80adfd429e8e001bf3ebe", "sha1": "246da436f49c23ac93a8aae5ea9b128146d20397", "sha256": "9d0bdf1b22edcf6fd7f532bab44868bec9aee82caf64abe362e50bea8edb5fe8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/directionality/plugin.js", "md5": "5f21385b1f4513568d611d595040d141", "sha1": "7f9fd5e5bf69a3404087d9aaf82daf262d5b5597", "sha256": "e01aba0a8a8cda5449c950599b6ae8265211aace7e9857ec99542b1fcf9c73a3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_el-GR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_el-GR.js", "md5": "3d9010da24343015105ca0c652a70221", "sha1": "3b716e76ec631d71f46f981941ab10f4454020a2", "sha256": "109d3fe8172186d88acbf692c5fee0f536b83275ec094f1f11ae7c6ea4cdaead", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/wordcount/plugin.min.js", "md5": "151f4b1edc08395e79800105e0b50f39", "sha1": "4f509c7dc6a6f86cc4172bd2edf45141287d8495", "sha256": "4cf858bf37452bbcf5e05fafe4d49db3390221554c4c84642fcac5bacc75aaa1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "holder.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/holder.min.js", "md5": "dc575f4af6aa1f9220acf8f206c1c8ec", "sha1": "3d412f6584219d24c362809037e073d8bbd817d6", "sha256": "b493210d14aa66a6de26908a4c9e9d71e87f8a086f20c0433e0488ffc40171f4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-function.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-function.js", "md5": "5bdf8301b711ae6a2282f34a4d3ae9b8", "sha1": "93e88eea0c80a6888d5e651fc5a4080a306af83f", "sha256": "f6cb0c814e997fe372aa17176051be88d0b2bbb5a39e6982fb4da45e358075db", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es.js", "md5": "5ee85920dfbd62343bf60c19f84f4d54", "sha1": "f9f06b6704860fded312e5dbc8365e05eda2b671", "sha256": "0e9d8a40926b060aca9b775422fabf5f8e010e4b268c9a559e265ef582b92094", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "recordset-indexer.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-indexer.js", "md5": "050a6678ab890d337be5f76d89b97637", "sha1": "026be515746d24c5673a441140e5f7c2334289d9", "sha256": "958f8fe60c4dc157cd69ab1bf067149c4f82d3fffbbd02ae8b008291f66d9041", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dialog.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/example/js/dialog.js", "md5": "ff7c6a3db0d905ae655a273b87d42c78", "sha1": "5617f405fc369ba34af7f149113a9045226050b0", "sha256": "d19fb8bb926625fd697049e2dff0c52933b13d83f3988caa794fb836e14b2a18", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "carousel-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/carousel/carousel-min.js", "md5": "694fc1b99f0b5823a304f36cb403c1ef", "sha1": "0603d407560bbc444133d008de55630f647f9363", "sha256": "dad73d2df1dc7fc9735945b0c4ba0e25737bf2caeb95ec322436e0652edf6b32", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/autosave/plugin.min.js", "md5": "4dec5af212b093dd999c9f823138b645", "sha1": "16db5893d5965e0575b5cd77b1d48ed1423f0ed6", "sha256": "f383956470d386011b9b5670b2180f11e91149e84fa28a19484ae6f493391bb1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-JO.js", "md5": "068fb620d78d3c7667e4355dcc50c01b", "sha1": "137d7679ff96afeb85b3f4b293497b326bc841dd", "sha256": "f3fa67b7550506a5a3a35909150f5d26dc615e27e0d67d4ad5f64a739d3f9c3d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tiny_mce_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/tiny_mce_src.js", "md5": "1929c5b65f2ba1f2a73cb9e853453b85", "sha1": "81d8de8b8eafeffaf099467c25ee8882b06fa4bc", "sha256": "657f834b8fda6d436797a7e03b192b181457ae88e1477e5384f85a11736f6865", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_zh-Hans-CN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_zh-Hans-CN.js", "md5": "d9ded4a557099cbb29b513dd1e2cf5df", "sha1": "a09ea2d1b1fc2f94880a60cffb11a3f82f36d2a0", "sha256": "1d6d7cf399eadf6481b4596068128c54855f37f47eff07645f72d0c779f4185b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "text.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text.js", "md5": "b425c59ea8b13f2170cb753e439bc3f7", "sha1": "b87b0d03f829e200f9052eb5d3d5585cb726eb58", "sha256": "18c3d86aed54c7e0bebfdd1f9a6275baa32550ec8b916d376dda2ec4211faab9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_tr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_tr.js", "md5": "5445921074b7925e0400557ab1481d9c", "sha1": "abd814b368ce35a07139e617ac094c2b81883a58", "sha256": "bf39a353d14e7161c90a0edf17d851d931cb8cd51c3ef00851ecc0f33928310f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_nb-NO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_nb-NO.js", "md5": "40e020a135b573d811f0b6454b4e09bb", "sha1": "cb459b06770506f28905394c225ee444bb274511", "sha256": "2e8800b594b95379c3a6e6b67137062a2016bcaff3418cbbecf32ef70ae651ec", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_en-IN.js", "md5": "ba54390797a258891c722663567b4004", "sha1": "c8eda829a54cbed60af48fea4284140b82ebcc8d", "sha256": "1b6d8d343668760b92eff36dd8f3dd6b6d5fe0c7d06b464bf3d6496d237eea3f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "fieldLines.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Fields/fieldLines.js", "md5": "6e4bf41b740b14153060dde11909f61f", "sha1": "42a5c52a5736186760c8da0b8ac44c4f5667f435", "sha256": "bc7a30404889f30d70c1ef3c7570adeafeae858bc33a567005a12747faab5471", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_de-AT.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_de-AT.js", "md5": "3f1657b9afb8a729a53025b19eefaed9", "sha1": "a5e26aa5070ed0ca13373dc7195509b7eb7dddc6", "sha256": "df83de0b7be39216842e53d7e1b78da7f3e67d0590d063273ebb5091e4ce7da3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/insertdatetime/editor_plugin_src.js", "md5": "5168ca34206e986ba5508ea07d109e1e", "sha1": "48f1781f05a4881bb6bf2059db006cf7b5a0cd57", "sha256": "972c1c26d8c4c4cbe63ca6056d39e13e8264607525cd62f47aa43e0c1174067b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-number-format.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-number-format.js", "md5": "fb10208e69a137d78b7daf87129f1100", "sha1": "7809976d4cea301755299ff6bef50e7b0ca29512", "sha256": "155ea8276b12d656bfabeebf90a401abc2cbface620f9233404e4d53251cb2e7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "exec-command.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/exec-command.js", "md5": "ceb795ed9ed024786e56e4d87ee5924b", "sha1": "9f5d36d8fecf1a2762cfc39c2e5922769b405516", "sha256": "dda11ae9ae910cfff751acb4671dac054dee6dba1cadd8a24db1400f4af0601a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "get_html_translation_table.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/phpjs/get_html_translation_table.js", "md5": "054b9c1274686f591c68909704b112fb", "sha1": "4fe428deae5d2febe5e6d96b4dfbcb26bb4477a5", "sha256": "d0a758b9846da1b819a81a6d1ec10cbbf0fed75bff438e383bbf68201f1e39d1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "history-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history/history-base.js", "md5": "4c34ebcdd0ee42226b4050bfe01ec7b5", "sha1": "2bc2a94ec29f8850acd1c9b2849fa3df9160c964", "sha256": "a3dbee64786fd46996ad5255d2017b0fc249f0a546211aecc8eec17bce901cf8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "transition-native.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/transition/transition-native.js", "md5": "d5da7d3a8acf2bc43d803f52290dcf01", "sha1": "fa2ae68dc1e1b785e93cc746021064b01576467d", "sha256": "17e22efde06d13cdd0758dc94f1747867107ddb4b3074b1e1d1446a0717f0755", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "ar-sa.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ar-sa.js", "md5": "40039d524faffb0f2056bc52584615af", "sha1": "b5ec6e520da2431b71c42e7168ba8c6b8aeb13ce", "sha256": "bbc337081953c8792918de99bebd41200be946684df6aceec09150b2a3134cf5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ar-tn.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/ar-tn.js", "md5": "0f4ef96a5af66e1fcafa99cbfc5a69f2", "sha1": "1f8643a7df9de69e4b9a073f22df33ebe8ec463a", "sha256": "eedee0945d73c4f50286afdb7c72cc84ffe51868e3fc13c5359a2d5dcf565e33", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_nl-NL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_nl-NL.js", "md5": "b35e168992953f1358745b3e73fd7176", "sha1": "8dbbbb8c321f5b5ddc062bfe5b6884ada699063b", "sha256": "71b7fecd966994c81aad1b63df8a67fbc436309fefe0f841df8c983acb933444", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "logger-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/logger/logger-min.js", "md5": "adb2940db08dd957716439cf811eee7f", "sha1": "73f8a718d92c57924490304a56ba0af3715e77f6", "sha256": "34b25935535940719ce0e6a8a1d112ece121e870873d296a4e804109dc6f56e4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom-deprecated.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-deprecated.js", "md5": "2e7460803431c2cbeec7832fbc4056dc", "sha1": "a27b5b30f98051cdca3f85f8d80e7ca3a273ed42", "sha256": "d36b3d875bd8cffcd092aeed73734270e499ec48bf8bdc0ae1d370bdd9bbca52", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarFieldCollection.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarFields/Fields/Collection/SugarFieldCollection.js", "md5": "340c33ba887d216fc45a7d5ebf57b2e4", "sha1": "3445e12791ff0d4f9b0fdee3a92b6d05b99c025b", "sha256": "0137ff245bb8d03b3ff6aeec693ae603c5ea8198e679aaa764879133ff61ec3a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/template/editor_plugin_src.js", "md5": "659f6b605beb1072a368fcaf36654161", "sha1": "d642aca2e39c79b7bc3f3be940eaee593df7ff08", "sha256": "610caea47fa1930feb33ea1bfbcb230e7411a799229c91bbea6c85807d75eb0c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-CA.js", "md5": "c5ad59156347ddef7ba3a141c1545271", "sha1": "15d72a2838b84a72fcedc4ac188e79961729f21e", "sha256": "164f5707a53bdb00473cc9a03170414c5bee619aab196628fb50253ff7f8e009", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "simpleeditor.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/editor/simpleeditor.js", "md5": "7ad13206f1ca52a27fe1d82fea9c63db", "sha1": "41691efce02e16f1d0a5f18149fa3447d09c6aa0", "sha256": "13d6cc260acb304152ae3c745a922173f9bc89c19827d74c36e54e00d016b720", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_vi.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_vi.js", "md5": "5ef99ca7260a076b73391ffe28307a36", "sha1": "ba802d1942a648dffd5b3691ff985e2b6696229f", "sha256": "b0f0acfa152d035c72c914734c2609d0f5dae9dc1a4e9e99fcf72f5dfbb370c7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "history.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/history/history.js", "md5": "a093f4f1ecf18c040c0007aaf4a4b681", "sha1": "38213166cc466d82a91927ec71108645a82c7360", "sha256": "2b40c4ecf2e838a1ac4063b451822ff562ec6deeb175428da0a2016af125d891", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/pagebreak/plugin.js", "md5": "fe38a70aaa6b6201f5c68974c8a0b6de", "sha1": "78eaf12d84eb310acf052d18d9eaa758ff5b1ba6", "sha256": "887e0aa7309517a829317a28f9d8eb3036ca1edb271cae112ce7585352ebe94a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "console.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/console/console.js", "md5": "a316713ba413711c9db8b9f2f6c5a750", "sha1": "c8729efc45f297d110fef64f266672d5feeef524", "sha256": "b0b79aace771b6e3b394ec90c9114201348b09e91b9cc031486c038a93904703", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jsclass_base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jsclass_base.js", "md5": "563f94e590550cd1ec0bad3ef8f15f83", "sha1": "74fef43a383b09c3a798a5b68dd5b7c04cdb848b", "sha256": "0059c7df5f4e99dbb8b9fef4caa72adcf28db498a0f2866c468bda295fa4433a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-style.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-style.js", "md5": "79e0819a46def78da9b2339bde63c23e", "sha1": "65e97ccb3c6a612e8b6706b45a026fc4c4dc1bd9", "sha256": "e50f3462921a62312edb1311d175dfed10f2f961f706e9f038001e4811fd7905", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_tr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_tr.js", "md5": "d9740c47399f4c442af1254f2579d849", "sha1": "5d38f12e7ebc4969d6f0a896d1b579b7c087567d", "sha256": "16a0ee0ee8c2bd917d088fbb7bd3d990b23943fe88cdb7a82fd19d8a455ff533", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/emoticons/plugin.min.js", "md5": "5765b009c97598ad485fbd571b4c299a", "sha1": "b9769dd1dbb31f3a676c262d8f34cfdaabdac21c", "sha256": "a7c74ec69db8d8a53c027eb482ed09cb67fca1ea0b6b5422d864ff4af898d540", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-parent-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-parent-min.js", "md5": "f9a9b33269a97ebea683f651464a2b65", "sha1": "02bd129ef8d320e0eebcbd3cbd07ea172346ae83", "sha256": "f5817d149546cb3217be3c1ea85f05deec68f1a021085ed53b6db2b214d40cda", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-parent-min.js", "sha256": "f5817d149546cb3217be3c1ea85f05deec68f1a021085ed53b6db2b214d40cda", "sha1": "02bd129ef8d320e0eebcbd3cbd07ea172346ae83", "md5": "f9a9b33269a97ebea683f651464a2b65" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-parent.js", "sha256": "f5817d149546cb3217be3c1ea85f05deec68f1a021085ed53b6db2b214d40cda", "sha1": "02bd129ef8d320e0eebcbd3cbd07ea172346ae83", "md5": "f9a9b33269a97ebea683f651464a2b65" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advlist/editor_plugin_src.js", "md5": "092569e368c90e1fec73ae8fcefb7482", "sha1": "83c6bb6dd8a0370ec543f9258485806a368f9bd4", "sha256": "2f5344e1078537fed1cef537ffafc2dd596aefdd4d116dc578161adf7887c0e3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/searchreplace/plugin.js", "md5": "ecaf2b29fac7cefaac65d1c63248ff65", "sha1": "5ea9a74e3a0e87e61f31ab83721ca9ab43677685", "sha256": "d6d6d9e290cd2775627373c95d8052466a48e64f1b7c93e0882e08fda8a19b6c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_el.js", "md5": "7b6658cb28aa47c8c6b6da544787f0ba", "sha1": "8ef6176cb8ea7dcac10b441db7f7f8c811e5d1bf", "sha256": "0087d45f952ae65e2c608250391ba341c1ba138b52ea5cda95fb2d18b3127200", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_pt.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_pt.js", "md5": "90a67c29f7d173d53999b100a28ae394", "sha1": "f12f142be10807b850627ec58f31966bbddf7ab5", "sha256": "e9c3f73f8b4412f0a91985a34548b4518343d9ccf489a9dc8d925730eff55eee", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_el-GR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_el-GR.js", "md5": "c478e03b8369dbf60a8c7c93a777e4ac", "sha1": "4756860bdb76828a4ae8d4ec5d2065e0d92e02b7", "sha256": "080ae0b5732873391d8f86638c6de3cea7c9fd9180cd4220f792bad1870eadef", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_fr-FR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_fr-FR.js", "md5": "46f3f4e53f307e4c4e16a47159510649", "sha1": "1f331d57f0687197524e1a7f7f096fbb048e04d6", "sha256": "574ae7985ed2bfd3770c0ca32e990a49d4b9ef7e0f0e0f14a8e8c7d9193c40df", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_it.js", "md5": "9e64902dc01a3ae113f8e375cff3962d", "sha1": "3f7a5bfea00a33fa96422a17784353119a741d1c", "sha256": "843698696bf9c91d5f369632765b0632196ffac7f7bc9e92316ce935692fafdf", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_fr-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_fr-CA.js", "md5": "93736777bf2f463c1cd627bc47d02cd8", "sha1": "1cf9887b6fb478216707a1a637b34c53d965f1c6", "sha256": "5274c9d557e0c9215d1f705d6793019e5913e59c545296765f4b355d7a27ad81", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-textschema.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-textschema.js", "md5": "9a4bdcac8472939cb86d202b01478e0e", "sha1": "9f8ef37299d3a81b2b943e2c964e4bc219d542f0", "sha256": "af5e712a8b6daee8bd9aa6232b1bbd476f2d0b89972d4a89bfeca144fb21ada2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_id-ID.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_id-ID.js", "md5": "84f449af988d3537037cfc571977918f", "sha1": "182c183f92af6f45cbfb7105b72dc0d3ee266fee", "sha256": "085346ac176efaafa9f4f7ca789de2ded1b0fdbfb782632ff77ff5e44d335299", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/preview/plugin.js", "md5": "7e8adf54d77b707211c1790b985fe66e", "sha1": "d1c29fe0891439a3aa6cbe03fbac16e6cf46c764", "sha256": "6cfcf9ce33ac67ea7d0d882753c87fc2070a79b781e07d9ef6df53b4f19d66bc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "imagesloaded.pkg.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/qtip/imagesloaded.pkg.min.js", "md5": "6b4ce055f2aeadec6ce56d83740b0982", "sha1": "811604dda2dbd4c41fdb2e221eba3dd0b7d0e461", "sha256": "80ff0ccb30f931f1d70d14d0b777552de14224d28a92fbcd5b94eceae9f92ce4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jsclass_scheduler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Project/jsclass_scheduler.js", "md5": "d90b0b6e22ded1eba8a34c75ba470429", "sha1": "b686988a18d6d4b4dbbc36994bf0cdde8b4677d6", "sha256": "8c1f5f2a862a7baf7c6ad11a87a65232e1d0a606aec8800969bbef6f189d9f28", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-MY.js", "md5": "28fcaacd5674b9aed590ce865d014438", "sha1": "c3f47ddd0715b9cdbddbfa0dd3155609ac21d158", "sha256": "3b279aacb2b5d5c7df94afcfc98f4d315299246074c2deeeaa0e81a185257597", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatable-base_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/lang/datatable-base_en.js", "md5": "0a42055849ae36d672a02dac7859e43a", "sha1": "8b00aaf9c9eaccbbc84c2b08b5a7a4f443d7b51a", "sha256": "189a88cb66b0b866715c55a53ea024098643e471bde6d8e8cdb04b33e2847962", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-AR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-AR.js", "md5": "62c29aff27ade36af4af8be002bd7012", "sha1": "9afbe6309593b84cc15b6f2fc229bbd0d04ed181", "sha256": "6fb267b4c1a3364f05392338993c4bf79de62efa7965c278b99bd5ac0333fbb9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ko-KR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ko-KR.js", "md5": "f63c7ba94538d80453d82d8f05387ae1", "sha1": "9564e8b680180914fb1e55132d8f907db01cf620", "sha256": "5859628e811e733039cca42c183ad2b407f90fa29c9803339fa8053b4ab94e33", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-local.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-local.js", "md5": "d93d4df3f64d6decef29e02b1438ecf9", "sha1": "3ee5cfd0b807356b132b7e33c6a8d8f1f8f69258", "sha256": "5ebf499410fe91cc13f78a486e9c78c0ce384fdf2596573e7498b61c40001ffc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_ro-RO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ro-RO.js", "md5": "3ea994480668f9882a96206771db4f2d", "sha1": "d07bae80058e9ba17f5a706e243e01423875f498", "sha256": "55e423e38c0c0dc7ed79f7ee590da3f9fefcc14ef18441f00a9ef8b0d2d8ab38", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_en-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-US.js", "md5": "c7a532061d03aa3f2db8eb8e06c7732a", "sha1": "c23ebdec11fe2fbd3bc1ea27fcdb9b2375b36477", "sha256": "cb82229b762956483517fbd962dbaeb43a0cad7bcdea7c80c028f0d464d23017", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "set.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/markitup/sets/default/set.js", "md5": "0455f48c5633a3e35acc5e1e3fa1c208", "sha1": "bf5594e12340df43d27534a32f4cd349bfeae501", "sha256": "f517c75313ab1726b3244a7372c96f750652e0780aecf4e5ba2691b8ab9ccf70", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-CO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-CO.js", "md5": "8626aaf8e842d26604c6c56419a0bbc7", "sha1": "b56191bba8fc7b51b5f5390c4f64b4ebeb924f52", "sha256": "96bad9084113aa2316ec0018b86e42a2b8d3b515132f6fea41a978ad3c6c9292", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ar-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ar-JO.js", "md5": "b0a0b727167abc00d2c94e142c008626", "sha1": "92623024e6bf1f8f8ad421f4e3068f2ac9794967", "sha256": "a2393e61a91a3bf1cd44269eef7c83eeaa54038e1a1477a9df443dccbe2a7c13", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_es-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-ES.js", "md5": "aab0dee9e4b2c9f37de3770f1cb861e4", "sha1": "c4600263d3dbc20cc745e72f93fffe352e3365c9", "sha256": "f44c570923c19d0dbf4345eb33e816bad2997e345f7a6f2bab8d9b177f8e75b0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "image.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advimage/js/image.js", "md5": "21aa1a61e3199c01b679a2708ac9e4de", "sha1": "f93117c550fdc068ccf24138419db747e874f019", "sha256": "7c5b91c621c0278756e6c66072107efd7e314699f8e7e84cb7349766a452863e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-parse.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-date-parse.js", "md5": "fe6aabfb63f2ba7d360e101ad3152664", "sha1": "d44a7ed9180ef1eac5ebf054a35aa2db03ce4e3c", "sha256": "0fa353eaf38b88c8cbe5bb7fb33e9ddd16ca4924fef74ef7d92e8575d385e181", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advimage/langs/en_dlg.js", "md5": "6f80f834e2209e6a95957403bb4842f0", "sha1": "e628537b828a24751bae2bedda742cc5cbef687a", "sha256": "5ec18725bc90d0194ead2e145701c76e3f9eb527c5f83f36452b1bb7e056a4d0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-lists.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-lists.js", "md5": "8d4373d30ff9b930a8ab225e96321c54", "sha1": "763933e52ce1f5c3a4372cd8f131bfb538498ea4", "sha256": "e3385c51d53611b2adb5b970d1e03ce538ddb4436ff68d45720076c22fef9673", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "abbr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/js/abbr.js", "md5": "0262d05e0ddec030f92818d28ccdbea4", "sha1": "f01c30b4f25e2b73848ca46d6eacaf5d3f24eefe", "sha256": "0fcbdd10368adf7585ecea97b12a04668da7d172bafe56f01b7c0183c808ab75", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-MX.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-MX.js", "md5": "910666b09ed94419926431dae8b2dfef", "sha1": "5f6232a0024a265cb73a3d1dc9d51b557a08b679", "sha256": "a0120e6ed940660479d04639ffbb0bb57377853ad2639897683c7942e92cb615", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-sort.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/lang/datatable-sort.js", "md5": "98d20748a3e5818d98e558e59afd90a7", "sha1": "c228c89ad3fc1dd80870a6fd7225849fb46fb8c5", "sha256": "f6d1a24a3fadaa650ccafaa380bca4b97263e69f2dbaa8fcde23ed20c55f8d3f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "stylesheet.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/stylesheet/stylesheet.js", "md5": "1291047dd0202a042443ba1c53d5fe8c", "sha1": "6a116cc614a5ca06880cb42d9ed8ace492594fb9", "sha256": "918cc38bf4d54693bd2a2c96d091758b19bbe140399542dbf45e70ca95d4d53c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RevokeBulk.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/OAuth2Tokens/include/RevokeBulk.js", "md5": "c83ef218f009eb15c40f33693fb81435", "sha1": "b0d58899dcc3055e23e76abc56ac9538432b1ab6", "sha256": "2587c5ed9b9a9affbb4b0c5e97af01c2c3143dc71cf524c5fe9fb3e439cf7d98", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "vakata-jstree.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/vakata-jstree.js", "md5": "c0dcced5a1329e7c52050ef87df9ea74", "sha1": "5345668ac2fd4f23eff64b7fea2dac844832a9b4", "sha256": "c0934f6b22dc1b7f8de02cda28d995a96162ab03a8fff012d9dc054a2bb586bd", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SubPanelTiles.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SubPanel/SubPanelTiles.js", "md5": "e7038bb725c238341feee8798d1a456a", "sha1": "67408d3e4d76852b098d929267dc488b69a3d09c", "sha256": "1a4f44549a6de744218fbbf65c59849bae887894484a7e324c2738bfeab8a783", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "animation.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/animation/animation.js", "md5": "e802ef4f267270728f9e3d63691f3f78", "sha1": "8a6bc4301427928d20165aa8f90000ce50d646e8", "sha256": "712fa2c7e98283528a530b2b9b65b7da8a8a3e7ac1f12eaaf069dbd6bda88750", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_zh-Hant.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_zh-Hant.js", "md5": "8584b392171184c0a366ae554723950c", "sha1": "145f1896c2b304fd6aef7a7673e05667cc94c29f", "sha256": "1bbc4d3193e9050919135771c2fa06b3a7be7faa8aa49b1c752d9dd14d22391b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/colorpicker/js/jquery.js", "md5": "7e42de843778daceb09ced4cc44a6fe9", "sha1": "7e28df85bf17f5f0a8f8a86a758c901534b7dddc", "sha256": "7feb2e0b35c2b5593da0d58ed97cb23ac3db3619bf4796d979f7e92a52fc2b13", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "1.3.2" } ] }, "packages": [ { "id": "pkg:javascript/jquery@1.3.2", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.3.2" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2011-4969", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.", "notes": "", "references": [ { "source": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4969", "name": "info" }, { "source": "MISC", "url": "http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html", "name": "http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190416-0007/", "name": "https://security.netapp.com/advisory/ntap-20190416-0007/" }, { "source": "SECTRACK", "url": "http://www.securitytracker.com/id/1036620", "name": "1036620" }, { "source": "CONFIRM", "url": "http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/", "name": "http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/" }, { "source": "CONFIRM", "url": "http://bugs.jquery.com/ticket/9521", "name": "http://bugs.jquery.com/ticket/9521" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1" }, { "source": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730" }, { "source": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1722-1", "name": "USN-1722-1" }, { "source": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/01/31/3", "name": "[oss-security] 20130130 jQuery 1.6.2 XSS CVE assignment" }, { "source": "OSVDB", "url": "http://www.osvdb.org/80056", "name": "80056" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "info", "url": "https://bugs.jquery.com/ticket/9521", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/58458", "name": "58458" }, { "source": "CONFIRM", "url": "https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9", "name": "https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.6.2" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-6708", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/102792", "name": "102792" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "info", "url": "http://bugs.jquery.com/ticket/11290", "name": "info" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20120206", "name": "https://snyk.io/vuln/npm:jquery:20120206" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", "name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" }, { "source": "MISC", "url": "https://bugs.jquery.com/ticket/11290", "name": "https://bugs.jquery.com/ticket/11290" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0" } } ] }, { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "InboundEmail.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/InboundEmail/InboundEmail.js", "md5": "c0c026adb789b2344ee1fdeb6f399be1", "sha1": "c6f4cac430b93b61e8f7a7f460c80e0b30b3d434", "sha256": "b8d805b6f3bed4fa2f17e267f76825fe50153295644e8e31ef1b33dbfade1159", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_pl.js", "md5": "fdc3a007c5beb9b6730d95a7a44e335c", "sha1": "41ab8bd34e8bf8e33f6c98c76524ada42ed18f58", "sha256": "91f234f8fc2f703701632dc10e6df5538083c45432d12c31f9a0db8cff6afda9", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "products.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOS_Products/js/products.js", "md5": "fcb2963d01625e6754eba11e7dcf682c", "sha1": "a722cbd10586ea924cb078870f1741702189555a", "sha256": "4c2711073d3e928b864ea2e4b9888e88692687c0652f5f1c4e0aca273536ba1c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "advlink.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/advlink/js/advlink.js", "md5": "3eef1c2e0a22af055a380e1d1c78eac0", "sha1": "35b6ecf12c7f2aad0fbed244c44ed0dd0cf1b197", "sha256": "485d56698a0b5d39c6e95d94e7c536bcba43f14432bf6eca82335330a8a2f48e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "RootNode.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/ytree/TreeView/RootNode.js", "md5": "d69d0bab9738e0772368d8a4cd65d031", "sha1": "4f758dc5590b4c1ce88553dcc3fda54d68718fbe", "sha256": "dfefc87ef92ece866c96763f27ea67e7d5b64144e644c1b155db9ba3e956b6da", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yuitest.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/yuitest/yuitest.js", "md5": "02a5f699b5ee8f2f58ef00e8fc819cf4", "sha1": "4190e311df82a690f44a9265b530e14ec3d83b84", "sha256": "361746f2cd1a7b52adaf7c1885c98e7dece6fd8607c7dcf76dbaf1cc7bdbc92e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "arraysort.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/arraysort/arraysort.js", "md5": "3bf9c3de2c85b7dc77c147014368f5ce", "sha1": "58486e164c39b70251e03fa54d94e48451220370", "sha256": "cbc9fc767308988284c11eb7144a4b921dba2073cf979b4555942a23189712e1", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/autosave/editor_plugin_src.js", "md5": "0eeef8d8b92717719c40855dd5091cc1", "sha1": "0901eaf3c717ef7a1216ce6cf6423be02c93034a", "sha256": "c407e4bf86032f34660fa402b8638a4d2dc779e67f4cc42c21147f0c0a9e3538", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "PasswordRequirementBox.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Users/PasswordRequirementBox.js", "md5": "3d2db0f106a845b9df775dce3af58366", "sha1": "7c8befd797b8e53719d3057e75e825a3cf172f77", "sha256": "8869b1ff0cc39180df9a699eff5737a6cf658478775865c8dd6d49cfa8f2aab9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-base.js", "md5": "ca96a033d3e6b40640785c55bec5b0a2", "sha1": "a5718e0a78ff77805b98f4971aff6e211fb9a0ba", "sha256": "270e06e78829508c64ce777db90a585ad7f7ff5ae480354445e1e6b6fc36573c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "company_detail.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/connectors/formatters/default/company_detail.js", "md5": "c0225f1761182495ea499b5dcbc60efa", "sha1": "e68f83b4cbbb3bdbd01350c08d648f266eeda074", "sha256": "92e26d56f8b37b8bc2d2399fe85243761623720125460f3b2a8542a1f376878d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_de-DE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_de-DE.js", "md5": "8dd5c02c4728d4a49db745ad78beb6e7", "sha1": "a03b61244105a897977e66469097d5dbdefbc94e", "sha256": "75fb5dae821653a3905ab6350cdac52e04244605ee0b92afc9eeac13202d6094", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "createlink-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/createlink-base.js", "md5": "e9babe85a72d4edc31370ac56179fab0", "sha1": "07eabc92a3599c7ccc97e2dc0a5f5fc9089d4069", "sha256": "7318ebd8a9ed496bb95a9203a8111efbc9d782e25f262713940aa9fe118962d7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event-focus.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event-focus.js", "md5": "30a404af43e99928fee10be2d5ab0ee5", "sha1": "237faac738e458f2a17bef998e915e7fee2c96d0", "sha256": "099edab379e0a30ac5eadec3ad1b3d6fd0aff7ede51043a71ddf307a467427be", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "calendar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/calendar/calendar.js", "md5": "f5bba267a1b5d3c493b6b8d2aa5ff633", "sha1": "81fdbfa751ce9876375810febb66dd7ea5430405", "sha256": "bfee181291fcce0a1bccaef713c089394b788031734d04beab35fa1e0b31e6ca", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-constrain.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-constrain.js", "md5": "e71f45803ba475e7de902f67ab5b690b", "sha1": "34123c7d953678c5af2e859081bb084cd35ce07b", "sha256": "d5a8e67af8e62ed2061cb7f8cd6d5ad18ace9281da94ccd5f6e6f6ff2b2899d4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "yui-later.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-later.js", "md5": "bbd62f4d6e1f84872b9a587f8e50e4e1", "sha1": "dcb9190cfd517244608bd269c2e27c5965e47528", "sha256": "f26fa69e9e9769e2153599db32d66ed8e1d320e28af1e8d9d0c576b41792a23e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/DataTables/media/js/jquery.js", "md5": "1d14cd3798bc4d6aaf65dd625870723f", "sha1": "0809f9f5caa2642b9dea8bf59133180bfd7c1d6f", "sha256": "04bebecfb9f7ce92cf947ce283fccf067cf6870f65af3456dd22b6c102447c83", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "jquery" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "1.8.2" } ] }, "packages": [ { "id": "pkg:javascript/jquery@1.8.2", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.8.2" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-6708", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/102792", "name": "102792" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "info", "url": "http://bugs.jquery.com/ticket/11290", "name": "info" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20120206", "name": "https://snyk.io/vuln/npm:jquery:20120206" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", "name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" }, { "source": "MISC", "url": "https://bugs.jquery.com/ticket/11290", "name": "https://bugs.jquery.com/ticket/11290" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0" } } ] }, { "source": "NVD", "name": "CVE-2015-9251", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", "notes": "", "references": [ { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/issues/2432", "name": "https://github.com/jquery/jquery/issues/2432" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "name": "info" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "info", "url": "https://github.com/jquery/jquery/issues/2432", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0481", "name": "RHSA-2020:0481" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588", "name": "https://github.com/jquery/jquery/pull/2588" }, { "source": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/105658", "name": "105658" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MISC", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { "source": "info", "url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "name": "info" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "MISC", "url": "https://snyk.io/vuln/npm:jquery:20150627", "name": "https://snyk.io/vuln/npm:jquery:20150627" }, { "source": "info", "url": "http://research.insecurelabs.org/jquery/test/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.5", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0.1" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.0.1", "versionEndIncluding": "4.3.0.4" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1", "versionEndIncluding": "17.12" } }, { "software": { "id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.4", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.0.4.0" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.0" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.3", "versionEndIncluding": "7.3.5" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.7" } }, { "software": { "id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.2", "versionEndIncluding": "8.0.6" } }, { "software": { "id": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2" } } ] }, { "source": "NVD", "name": "CVE-2019-11358", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cvssv3": { "baseScore": 6.1, "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "notes": "", "references": [ { "source": "MISC", "url": "https://github.com/jquery/jquery/pull/4333", "name": "https://github.com/jquery/jquery/pull/4333" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update" }, { "source": "info", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "name": "info" }, { "source": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08", "name": "https://www.tenable.com/security/tns-2019-08" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "MISC", "url": "https://www.drupal.org/sa-core-2019-006", "name": "https://www.drupal.org/sa-core-2019-006" }, { "source": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html" }, { "source": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570" }, { "source": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "info", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "info" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "info", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "info" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/108023", "name": "108023" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380" }, { "source": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c" }, { "source": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "name": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js" }, { "source": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)" }, { "source": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358" }, { "source": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023" }, { "source": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html" }, { "source": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "name": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update" }, { "source": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.5.0", "versionEndExcluding": "8.5.15" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.9" } }, { "software": { "id": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.6" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0", "versionEndExcluding": "8.6.15" } }, { "software": { "id": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0" } }, { "software": { "id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.66" } } ] } ] }, { "isVirtual": false, "fileName": "jquery-ui.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lib/jquery-ui.min.js", "md5": "8cbf62fc02083afe12a90787cb8f9e3c", "sha1": "6c16d0906b837e37e5a924127639ab9dde1b1898", "sha256": "78613a6e5bab939b078feae691fb0661e2b2671dcce1b1be66517203b2a7b3b1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-cache.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-cache.js", "md5": "8ac62fe46996cb6bb65a0229b9728d5b", "sha1": "eb64878a2bf4090a50a8fcc0506d8b3414e47aca", "sha256": "8af03de155b3584c4d8de405bb3b22f990c5df830087b857bebc034e410a7428", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "console-filters.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/console/console-filters.js", "md5": "03767844f7e304c78d5959b966e4be6f", "sha1": "098a051067764abf312977455db8e4f061b17a25", "sha256": "d2a0f7f6f76c3354e92ea6af3ff4604741536704da43d35bc1935aae7b82582c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dd-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-plugin.js", "md5": "a23a5ab90dcc6648a7592c3322e79bf6", "sha1": "920ed2c7eccf7fdfe849c2639f2c570a7c06709a", "sha256": "0e9a7224e570002d8e1d123adc21871182efcfd12f20efaad71096f1c3072a08", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "recordset-filter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-filter.js", "md5": "44f03acf4d72c8948d11d04081510b72", "sha1": "7cb595e87589285fce973c4143f66e4f971b5b76", "sha256": "9f586f29c238bf1df8d3e1514d598cee93e556299c70b602631f3bf69bc4aabc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ms-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ms-MY.js", "md5": "26e19bfb16ab9ea4b4e32b93b6a4e38a", "sha1": "26e26ee29bf9662970fbcab446bf5ac5e5cef60c", "sha256": "e47843861d5663ea18ffdd245f70ec7f0105c25c0e722935257d8f255281bbda", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_hi-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_hi-IN.js", "md5": "aaf0bbcf4d5b74ded0edad0baf854905", "sha1": "e301463e113e07669fddae2af457aa54180ba652", "sha256": "098e59bae67058b7d2549adb4285568af79a1c6161f211dd323df5cfa97e6a71", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable.js", "md5": "293dd9fbb14d1be6a2ee6ef7af1e915e", "sha1": "75635326384a49c51f99c8d687cf0eebe0615c68", "sha256": "e5015f5d86921a7bba6e999b7d71827fb7284e4f19c57a74dd960ffde20c339a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "anim-color.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-color.js", "md5": "5a6e208ff417cd8bacb93e85ec16e3c8", "sha1": "b4940ccb1aee310240bb037db31b48205d0d6fd7", "sha256": "24f431391000cdb694d96937897cd2f1f0ab85b575c4e6d72ef3f32a449f9490", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_th.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_th.js", "md5": "ce8f47ba65b280f5abcaf58d9353c22c", "sha1": "5563ad289f80874e02e4635ca26ed58812a9a8cc", "sha256": "5357a1a25560a1e328d5f697fe5dfa27ebdd7242313ea06ebe2329308d0d5d3f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Lead.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Leads/Lead.js", "md5": "976776af2d77794460dc8bec9a0eab89", "sha1": "1bf441ccd11e262b5162486fa2718b0860f67247", "sha256": "06ba4eff0a839c63a4c9cf193ab8518e9225c82b5cd904346d109169184ebe80", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "ajax.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/javascript/ajax.js", "md5": "6c29f87276d59cd1ec23f246e7dd9432", "sha1": "f7ac99ef6afa23356b859a7d01ff61b86423e582", "sha256": "d3600b018e6b91866bb1c43488de1ac221894e7dae17c16810f5568ba32ecb14", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ro.js", "md5": "2716633e6fdedf21e0854a7d5f752055", "sha1": "3f0f2f433b555ad0aeda31d2332d90cb589bf1d4", "sha256": "642d34d9dd3a918f7d7451e4079e7a03f8c83d5842b1fd414ad5f6f7a615686a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-base_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/lang/datatable-base_en.js", "md5": "b2fb2f99f233cde38dda11b06773c2a2", "sha1": "54f426422bd7d4454b77894d795f3f5b2cd39e55", "sha256": "b696f4a45ee31dfe78816886df5d40a362a5a3b201eba2c8d50a2e325b8b5ac9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "autocomplete-list.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-list.js", "md5": "29b8137ee9ca6e514ab9ac005c98aa4c", "sha1": "13f6919a70d93e9a6308ea695e28cf63fccde577", "sha256": "96954f8fd884d5ca0a8d07c435b0eefa0aa87321a9d0df6f47329e2d0ab8d69a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.hbar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.hbar.js", "md5": "732e6a227f2ab088efaa77c4bc6301fd", "sha1": "3c6f61d3f46f10e093ac45399506be68ff3a9a36", "sha256": "57aeb5cbf12f143c1a731c9d1f8f8403ce547d5ea35541091862674fc8335bdf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-BO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_es-BO.js", "md5": "e7f5f470415165fecc43908b7ef87060", "sha1": "293cc45f5bd88ccfde80a34dc13ad8e5a20571df", "sha256": "6e5efd386f81abf93c5d220408d44af5c78483c596327e08f09d2d3785bc74ee", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "markerclusterer.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/markerclusterer.js", "md5": "219761245abf10089f85d78d167ce9f8", "sha1": "5fad7468fa9ccccc9dd50c02d1d740c731237f8d", "sha256": "866846b3c016c1725a4dd40266057522d1864d155fe18b795262ae1842483d37", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "FoldersViewModal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Emails/include/ListView/FoldersViewModal.js", "md5": "3bd4d38fa4b6d5db35423005004d8d66", "sha1": "cacc1b0a9b765ac3b368810e7b12efbfbd3a6f6e", "sha256": "004961aaa5ccd4289f3bc411e0d2120c73cb8777e0772cbef0f2c009086a2d5a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dbConfig.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/install/dbConfig.js", "md5": "79f06ca98a21ce2ce84378b7403ed70e", "sha1": "53d521e276b5871e966574c83704e5fe7d8e0154", "sha256": "b4236b626a8fdceceea819f9da8eb4609d34ab93a0b46d845efc0744ab83b72d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "querystring-stringify-simple.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-stringify-simple.js", "md5": "e08018ad3356ca76288f46d1d1b992f1", "sha1": "0bd948a199ee5be986acf81cf2747ce844704e50", "sha256": "a0aa2c426a810c406ae35632cd28beb7ee507538cc2481b643b72055b1defc3d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_nb-NO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_nb-NO.js", "md5": "901a3e43ab57f8f9a371cdcae25374d4", "sha1": "7315d6029388da1ddc94fcbe7f687ec8cf2540b0", "sha256": "b028c81fff5581a13ce5f1c9fb23bdab94e85a3fe510b83a2120b0dc060ad35b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_fr-FR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_fr-FR.js", "md5": "49da16bee9addd302ce218421f128545", "sha1": "a0d9c40e906a1d9afb9c66a3d72778df8e9d2501", "sha256": "a31c2441643dc52cf8d2f0cb0b0407ca62631e8971fb069b1bd4c7a4f4041052", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/autolink/editor_plugin_src.js", "md5": "f03a8ec9ad17bd53f897a525e3cc30f7", "sha1": "84e321813aac01c29897bb3967b945f862ffe998", "sha256": "40306fe76b4aa30f18848bec6ef4ed9a489649443b4df75524bb6b50de13bcdc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "slider-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/slider/slider-min.js", "md5": "9a190bd770d695cd077da3ff33d24704", "sha1": "3996b8e70b2434674d6e8b351983518a4e2eaf9b", "sha256": "6e79116839ee936fdd7ce72ea013c639597cffa66cfcc6aedcfb46c17d79f4ee", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-list.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/autocomplete/lang/autocomplete-list.js", "md5": "ca9c96cb300e6da9cb95a5d80af141d4", "sha1": "7efb875b4ae6974b8710f06eff1b23f379c37e5c", "sha256": "298ad00ee74b3d1d7c878076dea487744c66dd121956c6b30e0cba4c47449f9d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "style.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/themes/Sugar5/js/style.js", "md5": "e6fa3c96c6030473ac719ee877687713", "sha1": "e08b71b46ec41bf67a02d54e812fc8925c2ebeb4", "sha256": "8a6a35a824e03185ae9cb294581d6455d5ba86b3dec9130e9f79a3ea3d53ad67", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-xml.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-xml.js", "md5": "cc6d5ce5203d3bc3f1582be86fc6d231", "sha1": "d7fd6e39a975248880faae8439d0cd5555778975", "sha256": "3aa6a8c53dab8692d0d3fc845de7441e064eba12583c94ed0179153cdbfabd93", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/paste/plugin.js", "md5": "f696ba17a91efd125eea2b68521604b7", "sha1": "b5d776b6385d7502e04b5e72609ffa6989763499", "sha256": "daaa7e2e630ec5c2f3ef0c200cea098ee9e70cba9cfabd6b38d0685a756960b7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_nl-NL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_nl-NL.js", "md5": "8d24dbcf576fa7b26692ba4526362425", "sha1": "e786da46c0bdaaeab411bf50aefaea413ef85a00", "sha256": "79eb7832a7e7dbdf8438a94893becd22ba94086eaeae67d95910477f8141a005", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/importcss/plugin.js", "md5": "2e548a7c93a8b0fa7f0cc2be92e4ab8b", "sha1": "bbb6fa727dc2fdbda056d588112ad685ef04b336", "sha256": "db62a2fa9d7bd420f947aaf1b4d7d878950411a816996174479a688d5afe63f9", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fr-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_fr-CA.js", "md5": "b16d3bf4a5332caa68a984ad70d6b9bd", "sha1": "dfe6fb5b9cba0a0555c6f6672eb9f316f9a8abcf", "sha256": "628c6409881881f9ef221c64384334c820a3a6e659ea6a8a09b31f9ee31119e7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_th-TH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_th-TH.js", "md5": "3490e8b7235d5a6561698b8542dc4c13", "sha1": "14ec5bda5938eb623ae4b04d0643bb1e29d31ff5", "sha256": "56eca75132a855644b38d2ea2159f8f42623a6390d65955ec6c6bdd82e13a3cd", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_hi-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_hi-IN.js", "md5": "4c2c723fb6838e9cd15058cfc64264ad", "sha1": "21107ecfcaf357ab67309be16f6b828d84d3f26c", "sha256": "46935f1114b9aa75aa57eaa0da338a83caa5b7be67589387aa1391179b863628", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_es-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_es-US.js", "md5": "7237c4c482c02e2c2d38b40de595391b", "sha1": "d9cd49fb7cd055cafb591112d4c204349a0ddc2b", "sha256": "92596a5a49fba33cfa76e0b09f18173fca5f84fa4ea5f043c21cf115f800a90c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_sv-SE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_sv-SE.js", "md5": "7056a9d7c93474acff5dfd23a78594b6", "sha1": "f70c4b395c943f0059929cc1fd1a6ddb82108ba2", "sha256": "6eadcf3217072293260322d049aec546ac3a63343a79a3bebd5a188616ef55a6", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "popup_helper.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/popup_helper.js", "md5": "25dc0954b65c74d314683cded97ce7e9", "sha1": "da00b8d0d751f3cb9644a915a7bb591499d4482e", "sha256": "62538b219df63efe7612f3345232f2fd66011de2137139e434df50d5f7bb1262", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-CL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-CL.js", "md5": "274ea665dabc76dae9e2c316c68d51f2", "sha1": "8e26a90a59a7a9d5701c14ce62fe7f2498e125c2", "sha256": "e62ceb0c83d0e7e8df3864631a0aada34db58997614bd89f1a3bdcc926c1a413", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-CO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-CO.js", "md5": "e251d8573234f4a63999ec07c3683105", "sha1": "a754d41a372efc84090ba634b0567399d83dc6ec", "sha256": "71279262a6fd79b7947967347fa89d2f32d895593844103ea1a4dba01fdeb124", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_hi-IN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_hi-IN.js", "md5": "b23af73f6db6adbb3426de1a79e4301b", "sha1": "baced095776915139a4b10db185de167214a0106", "sha256": "8a67310c663f3eb01a33f121f36516dbb627f847f72d644a49daa6e3f4f11da0", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_ca-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ca-ES.js", "md5": "ab5ea38effc255e816033e1f9ffb1839", "sha1": "fa82f7fb34368882c64dab3b50357f7bc836802f", "sha256": "d31b018d00cc214d703a898d9c8ae62353c34fd53110c155e5024f0361dbd3a3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "about.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/advanced/js/about.js", "md5": "4ae895d8be28f8b94dd4f5d206cd7d59", "sha1": "18f415aa858f9386cc63ef1335dd7dde822acb2f", "sha256": "2faf296879ac0ed171be7a8dba73e9ca48162947bf103668d773e133a01807d8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "anim-node-plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/anim/anim-node-plugin.js", "md5": "6226934aefb6aa6379f8676e6236067e", "sha1": "874b06fbcb299955aef1e19ff1611cab5a5fecbd", "sha256": "a239ddc7ad516651fd7fdfd0f7c40adaf93e30919d0320cb5e2b9b1503edc57b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "text-wordbreak.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/text/text-wordbreak.js", "md5": "1e40b5d45368b320917a071dc8a79dcb", "sha1": "9d63e000f0610d7fa107d562588dd2a6320ffa07", "sha256": "fcf6c82b6e28da11a3e8f6bd1373dc9fdbb1d475d13c9d00fcae6db856a175ac", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-ES.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-ES.js", "md5": "9bd780899634e5ed28c712cf24a6e4ac", "sha1": "46e7928c35b6995640dda740673b9897b626ee7d", "sha256": "5e0e365a2bb12a38d9b3071f3ea47fcce714eb41518abf378ffe6f3d69fc3568", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "storage.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/storage/storage.js", "md5": "b7f06de61ad71f58e18ae7909bd13e79", "sha1": "0bc36bf0ef55cbb3f32fab9710b796ac433da698", "sha256": "7a2666b660db710b856bf9953ae727e0d121a06f21f6795b3204323172438a5f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-PE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-PE.js", "md5": "5717b69c01c20c5ece3f662b0a84422d", "sha1": "c5fcd7001b19d2958c34ee77e31b41eddd1af2c7", "sha256": "df02c345dab06abf7042cec4088ee01002e8a40282d12b86647045a8d4b019ba", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.drawing.marker2.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.drawing.marker2.js", "md5": "a0851127c0177581f660318134d1eb6c", "sha1": "62e2293d99844caed34b33a4a27553576f6d407d", "sha256": "6160a7673f6341d512581b9dde22770024cd126c479bfa7bc13611b39551ed96", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ja.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ja.js", "md5": "76d84ec5301ea700ae9de341631415a7", "sha1": "2a18c6fad1689fedd428333dc2c9b9a43f8115e7", "sha256": "557f6135dac4663980a96bce0313b1411dc11fb255f32b1779597112efe9dfe0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.effects.custombounce.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jquery/jquery.effects.custombounce.js", "md5": "bee3ef7f90fea5a7caaf4a5b0268efdf", "sha1": "99b21ac104ecd1f2cd717dd108aec32fa9a8197a", "sha256": "16ad7477ad848aef566717df99617d8095a53d4ac046c5fa0464eb1b656564f8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-SG.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-SG.js", "md5": "896d590f72bdab697f0e7e5710af103d", "sha1": "c4b34defe9448a750f485ef5b9e56cc0e0a9034d", "sha256": "6d16fb237d184e66a886213acb47ce5ea12b54c2968db7eb66b704de95eb134e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "iscroll.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/iscroll.js", "md5": "b6c232e3c54b2a1320b22c7ad920c842", "sha1": "5cd2a24c4ae12e3c1dbda81f244de624594828db", "sha256": "c31d312bf208541e28cc9b149a64809142ff55f55948a39f13fe0e2db8245262", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "alerts.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/alerts.js", "md5": "4cc19550e5d856a240b80c6317666eee", "sha1": "929f7b72779ea0cb9e6120728f276e5e7f8f622d", "sha256": "fbb47ae246c0dae6ca34aeef9ddbd32e7e3a90224f3ab299d5074306085b7551", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "yui-throttle.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/yui/yui-throttle.js", "md5": "e330a608bd5840f2c1cfbe3b2471ff46", "sha1": "e78cdce4b719aaf486a7ea5aba72529ae1551092", "sha256": "cd038101dd926fc27d1a91caa4100344992b3d2d3990dbc49bd163a30d78beb7", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/anchor/plugin.min.js", "md5": "aaecc3182b565dd36a0ec82519d63a62", "sha1": "0efa4a7ba4fd02065f521f7f6bdabae287d69b3c", "sha256": "430ec08cb4a26afbfa1890770f94eee7aed8a29e351f811a152b18d48e107589", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "studiotabgroups.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/studiotabgroups.js", "md5": "c3d48dec838914e457aa099d9225d174", "sha1": "4c5010b4f974d777084d5f412aaca1c589d65475", "sha256": "b2f4ce88d8e31b35fb948229f23963aca686aa6233c7f8e85887ca1cb30dcdbb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "htmlentities.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/phpjs/htmlentities.js", "md5": "a4369a51c1d8d1670f78b68c28330424", "sha1": "f720b9a2de290070aa151bb678608d6ab308a67c", "sha256": "2f9bb2eaca29ec74f1e2ae7ed291e39ee014bbbb2313a8ace0daae3ac623dff2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dragdrop-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/dragdrop/dragdrop-min.js", "md5": "badca1f1ebc924d6f55cc6da02bbc0e2", "sha1": "d7aa8f7eca6b5ed35f73aab8d333f0fac527a559", "sha256": "4ca62decff89aad5983d0a61435474c78835f40cf9e65f443868c2f114d8279b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "selector-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/selector/selector-min.js", "md5": "30b2885e01bce8bdf413d8e1e0842697", "sha1": "0789a845f221185a940abf0a2cc1757e6ab1a8bc", "sha256": "bc287d7a475b23cb5597c3225c2805dcdc3a7adc195608cec519993f536db120", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_de-DE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_de-DE.js", "md5": "0c577d7b913cd7e4181ae8d9f5a4b09b", "sha1": "ae933fd8cb0f90fa0fe5dcacf5650e20c97a7a33", "sha256": "adbf23c4a0c79227e3cfca8713129ac1c4a86bb1c70967057492a90b75615399", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Project.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Project/Project.js", "md5": "79ed42c5778f501dc56ce6ef8f4a464f", "sha1": "ba2c317f8bae5c87be889266b01c50e2f7b1e96f", "sha256": "e727552c9f8c2e3bf5cfbc4dc85951fd06c660209992d3197a94dd11b0060a61", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-base.js", "md5": "b25d8120b7ad2da944430b39a06dd128", "sha1": "2a185b9c2e9d8b81fe3066337bc9513c6f93d567", "sha256": "8d80b82a2bca12ac76dd92451272664879f8b7a38cc40888214dce56e5a76d41", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jsclass_scheduler.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AM_ProjectTemplates/jsclass_scheduler.js", "md5": "9b624cc19989c3c7aa4117a8a090fd8f", "sha1": "e166cb8d11f5bf17076de845f8ca87f8087d5b91", "sha256": "6c49803377187baa2e320d0935168e24337d51013db34f5636eb191092bba1f0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ko-KR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ko-KR.js", "md5": "c515424832a9aea1004f8f5c27122ae1", "sha1": "a6ed3fe9ddb183e37bc87937bebabbc54ca1a967", "sha256": "9e9fd2da94c3135a9bf96501bff8a842c83d2668e8a5f71a473391675b53746e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ar.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ar.js", "md5": "169da6f44ce529233423d9698ab7270d", "sha1": "05d97d447b44832a66dbed23f5a30e8a61429186", "sha256": "42e2d6ef725b84a4ee9036f40b3b315d72f7f6865d98feb8807485aa7a02846f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "login.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Users/login.js", "md5": "9776ceb7e44df34b157a478002500782", "sha1": "ca2905402418cb79d6df547a97056c2050296189", "sha256": "352126de2bce460f77e0c0f2ae4fbe32f3e348934755e3868a41c96db8db9ebe", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "syntax.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/assets/syntax.js", "md5": "4099ad678b4ce516afa04ba6b112a568", "sha1": "5600e74b7f238cf1769ec87e10ffc236a26e3f57", "sha256": "ecdec05a359364ccbf8d873de63337e4a23edac91ff033c726deef034b66b262", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-queue.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-queue.js", "md5": "cb877fdc3805349e0a2bdb044efbfa2a", "sha1": "b5c6652a9ca7d46234e06fb9d472899fc0439d31", "sha256": "074c3ee6064611d0b1c5c4d94f81f162474ddb6edadeb6206409baba4ef1cafc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/fullscreen/plugin.js", "md5": "5ffc2af676c62241bcb028fabb7e035d", "sha1": "fd9859e425559ab87149324c411eebc9399dcac5", "sha256": "2f835ffab773fbef37b94b37cb7363d96e84ab87b9f20e3bc94b744b668462f7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_en-AU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_en-AU.js", "md5": "ddd4dd90e259a04d4704352fd504307e", "sha1": "8888d762fda92e9a044bb4c51087b17f8d3f3385", "sha256": "ae1a7838b7a9efbfb36bb822605d30e5e69b0f156f6b9ca1777b8439f2cc7689", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ja-JP.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ja-JP.js", "md5": "dd81508ea3f2e837a438c87617464130", "sha1": "23827762f8317c102c42a6c79fa2081e55cfac1f", "sha256": "cbde446d47cd4cceb0c844dbf0b1d726766df6a33767fa91032f08bd32bac1a8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/themes/simple/langs/en.js", "md5": "50dce0602a45ba9fac56f12f76a63ec3", "sha1": "60b6dc0d16b2f50607a1790f3e64dbbb3b4b7afc", "sha256": "06f4c1c6c7567ae4d566265ccc3cebeee940ba1ea1d59d66bced5cf7714f5421", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/datasource/datasource.js", "md5": "fbc4d52f48f2eb59dc46de8d19e48522", "sha1": "602707a497a23761d0deff6c0826263d3b33c859", "sha256": "2d6f683b1ce8517bbc50008608243d0863496f242c246fa02b968555c09a262e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sortable-scroll.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/sortable/sortable-scroll.js", "md5": "51671f07af14a8cc03d5abce2ff44606", "sha1": "0b4bddd9b641256ab74514a8b20dd64d6808404e", "sha256": "15d0a5c8f7af1ae82f08cd6970cc6852de7ccc69a0bb6542970904e2b57a8009", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/autocomplete-base.js", "md5": "9d79e5bf583132dc3cbd43d26ca0693e", "sha1": "1d360d5fa7886edc10d1c50dd968e1fb49e1a607", "sha256": "ddfd53b501d0e1eeba79323dd550d2b72f0fda808637985763c27286a7476813", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "SugarFieldFile.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/SugarFields/Fields/File/SugarFieldFile.js", "md5": "5673fcbe388ef5af0fe7eca8dddf68d9", "sha1": "9108ec41e5108f9c613d7bec22d99dfb05258362", "sha256": "28f69e6f2ac7e320a3f315ead03ae8424dc537cdb6fb302cea36b34760e6ba13", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "profiler-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/profiler/profiler-min.js", "md5": "85f206f317997d4f487a57511a72739a", "sha1": "4735ff8faf324b36d9d4e6f5434bb658037404dc", "sha256": "546f56cb91238cca740e101599566ffb1c1473e55884d41860832b2d461cc6a2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ar-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ar-JO.js", "md5": "5ae46df47b2878d2d12480e378e2d73f", "sha1": "20223b1519d8279e0654a5266aa417cf05665153", "sha256": "285fb90a0b987d7d3a42ed9e545bd976b01e4e4388f61b8d14e4cd18693f49da", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_tr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_tr.js", "md5": "29924b2214550273e3ba5477797baf70", "sha1": "f2c2faf71309fc83deee8f48c7abda7e45af862e", "sha256": "d3e4c00f90f66065cceca06708b84d82da72488c4ac28cdc4523120df50e415d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "EAPMEdit.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/EAPM/EAPMEdit.js", "md5": "0e4186b5358b2b403e6c6ef717ee7aa4", "sha1": "d5cdca146161760802c199122d1d0daa52e8b4c7", "sha256": "14219fed27e98e53b794a92907d1ec62e0abaf02b45a87fb926927f8bbaa316d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "quickCompose.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/quickCompose.js", "md5": "31c8e3efcf325c0c805018587fa585cb", "sha1": "0924ff4a35c7ca5b49e92c6d167577a2e0e6f632", "sha256": "ff0166183d427ffa58bf58a1873d452b09e8136b47854c19c9109956d6b1ab41", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "row.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/js/row.js", "md5": "dc1ba9fe85eee31e14dd0ef9cc6bea76", "sha1": "9378a79a4e0fb2bbcfe587eb9acd3628c9209567", "sha256": "95a3d6f0c4f01a077b06e47900f622726648a95e322b88eb4fefb35e728b5097", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/searchreplace/editor_plugin.js", "md5": "ed4f1fa6e12844b533c86258647a298f", "sha1": "b85cd78da76873fc628a091405e4e5dba833d0b9", "sha256": "6dcc8538fad0a843d679f28089e22a0d8e495ed9b853d1be4e7f682225f83afe", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/media/plugin.js", "md5": "574a6404fb72dc4e949cb715b7bb055e", "sha1": "86a0351a379dbded4ba374bb7a547e6df009d00f", "sha256": "40ee39fa5b469adac7e702e0f78281869cd3de22a6f378b2fcc6474f91727369", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-AU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-AU.js", "md5": "a4b6910f22c0aa8e97ea9df4345799d8", "sha1": "0464ad3afb51f5f1d796e4cd941046dcfa39d36b", "sha256": "d2d5e0fab247b4a5a57e2009176c6d12fa9c095281956b66f395f587d2fdbe35", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_el-GR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_el-GR.js", "md5": "282cec1db186a509993b99a9bc2080bf", "sha1": "6efdbd59c790fc283023c8d489fd32ca8e2ccee9", "sha256": "c6d2cdd5449f38eee80ca415eabf9b819ba179c23894f0c30f9c1b19c9c4ea2b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_es-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_es-US.js", "md5": "e8b334204578b5fd22b4ee4b0695a8b1", "sha1": "55188d545d31d167a060248a5fdebdcde4e5fa0d", "sha256": "ad28feec9d5f386a65583dfb9fcc79abd8dff4c7ef254687f8854d18ffb0d6e2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en_dlg.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/langs/en_dlg.js", "md5": "45db1586e7debc385f63092a13a9f43c", "sha1": "5dd481b6aa82059ad77e2fb53d6565a942e22a3a", "sha256": "328f2092746d07c1efe75486e927ec158121d119358ae479d9a16683bb5574b5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ar-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_ar-JO.js", "md5": "4aa57e6d14db6e1c211b06103e6a30c0", "sha1": "1c3b05418a2b811685c9d5431f45065659b6d0b1", "sha256": "aaf2503dd8d3f0d1cbb0b5ce9044326be592f5dae00cd6eec95b5e084cddfe78", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_el.js", "md5": "b1a7cd81cb7d2af29ea36236c8e702ee", "sha1": "0b3b8a2a12195863b410f46fcec613ca1564b6e0", "sha256": "fb963f10efecf47e32b3ff36996cb79129f35bc2522f5834675136ea8191f2bb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_th-TH.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_th-TH.js", "md5": "cf9602cbbbf96a836c984d3a046e57be", "sha1": "96bd1b5588c5790e8e6d57ecd7895ab5adda9fb6", "sha256": "55b53c0143bf76ac9c02696327d544496ec073ec4c5ba50b02b68acd877b5616", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarEmailAddress.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SugarEmailAddress/SugarEmailAddress.js", "md5": "2b6a6be54c8daf67b59de548d108e50c", "sha1": "40d2268f50dab1f18bbb5141ca0cdebd8441e544", "sha256": "1fa6f68f0046e7ae080b8914c3da6410866b1d32b466b968a81c6636d12dfd2e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "oc_install.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/install/oc_install.js", "md5": "28efb4bd98258f07ed03d396ffbe3242", "sha1": "09e4df2ffc9df77a6fbadcc508359be5ee11f55d", "sha256": "600105f65321e1c5ba76bde6710d1d559d9aa9095f8483da35e82483912109f3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_th.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_th.js", "md5": "3d78649539a1a4b790aceb802ca1a3fb", "sha1": "8e2d5c567ad262e72da0621a4b59e32a0a4b5ca4", "sha256": "1e8d5eb0a2df1df4b47208384870688745453bc6d0bea5ef837892165cc6427f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/editor_plugin_src.js", "md5": "028a4008975327acdc186d4c83645225", "sha1": "ce6ad050e87fc3f00989a05767e937fd3cbcccfc", "sha256": "991762afc8a9988286a5823dc3654d186c870e67d073e60a2eef089d3644f592", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-form.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-form.js", "md5": "e56cffaffaa3b266f5a9b0de3800715d", "sha1": "c5086afe8bc8535452fa01b1af888f93d6fa191a", "sha256": "42df467ec75e3625db103dcccd5a9506634f1327d85465fbf767d4d14b87c65b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_ro.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ro.js", "md5": "5bfd6b4f559c12b699b6c1e3bfa869d6", "sha1": "85e309558ee4fce2d5e9e241aa91068c3c92c12f", "sha256": "187dec8d85d46a13b6d9c34374b6390afb6893b7804ed5d7f00275d6c528136b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "gcal.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/gcal.js", "md5": "f5e05f890a3e45808c5e9569662e9547", "sha1": "c7c7db9d0a8cc86f15f17477b8be6791f0ee4811", "sha256": "529d2769133763999c70a0ee972647c7d2a7d213e1d7316c0f09f1e15eebf729", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tiny_mce.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/tiny_mce.js", "md5": "d05b9fcfe267e8d54c0ae8830cb54be0", "sha1": "8c28bcbf8d4c33356a50cc3febb11787870954d7", "sha256": "bfe35895684a3bf6a8792848bcb5cd636051d30336e78294c095ddf7cfd68d62", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node/node-base.js", "md5": "97b14f82d34eb09d6f4b8adaaf04d8d6", "sha1": "6ab7fac66a825d28034afcdf809f38c34def8bf8", "sha256": "9d7ebab234ccb4c0218ae341d05858c343aa31b8c4ccd37e0417a21e130d6757", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "facebook.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/social/facebook/facebook.js", "md5": "8d2e3b14e60042cb7d32b7f9d2e306a0", "sha1": "b346a6b03be7c2ec23af5c3d0c9696bbb8bdb32d", "sha256": "e8c8d5ff278fdd642dbdbd71afd87adbf25fb9d1a9632db4e07a122f82d74348", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "imagecropper-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/imagecropper/imagecropper-min.js", "md5": "6ef7180cf3915a6670e7926d2c4481d2", "sha1": "3ecb9ecbccdbbee74c6ca9b2fdf2b79ca8ea88f0", "sha256": "ea21d796683b1fd610956f6b19b623040070847fd38a440dc276b650ce19c18e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dial_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dial/lang/dial_en.js", "md5": "d617b2315ffa83e397a861725ba78ac9", "sha1": "6e6db7155fba9c951567e957a2a97a31741bf233", "sha256": "d8eb2566e8a64d583b0e26460e3f4505964ea9436da5d16d210c7eeba0e89a49", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd-gestures.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd-gestures.js", "md5": "c44b3dbec9142f4b2866473f8697604b", "sha1": "f024230109bec3c5233ce65eedbe7b3562cd1a71", "sha256": "51e695b70280e5b7d74d05e84e8b581a316e7272fa5815228a99cd66e35e243a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "data-uri.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/data-uri.js", "md5": "2edd947e7e2368ff3c83ddbfd9de6cf9", "sha1": "e3c91a27aa50be48eec1acd49eb7f44f29e676bb", "sha256": "68e4328de0764a40664da79d873ea1157ab164009886a89a79c4ab3b346538c8", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "htmlentities.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/phpjs/htmlentities.js", "md5": "ae4aea1596c81728b3cbbe175120e945", "sha1": "d56539b3e75bbc630359642c146defc1780af319", "sha256": "0313a03de59abff36a8c9ccbf679f154fe6792957c7e7861c3f761a52e0c3ebc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "retrievePage.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/themes/SuiteP/include/MySugar/javascript/retrievePage.js", "md5": "54d7a1f7ca66c115b1a88ea04675808c", "sha1": "207d3a71ad6e6be91d52d83e1583d8cdf00a6616", "sha256": "7658b4087ad50329ee7b813c2bcc97326b8a211ea400cf9659fdfe11805c93c7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/tabfocus/editor_plugin_src.js", "md5": "12889ccf8caf1d466859ba949f52fbca", "sha1": "abc4255eccf5f6be6377626a3eb8ac7e7433a8fa", "sha256": "24f21ecdcf11129af4656a2a6f9a458e4711ede4462c25de2a4238d784e57513", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ko-KR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_ko-KR.js", "md5": "e435597fce13308aafd02f7841502f52", "sha1": "56accf9cdb2eec6772db553f4e19b59b2b7fdae8", "sha256": "efc858981101311a25ed1e04fb47482f340f5fad078a542399f34d7fcc6914ca", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "attribute-complex.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/attribute/attribute-complex.js", "md5": "4a51849ad529006434f8d3e98e07f72b", "sha1": "5ef2b0ce6a711a2e6c6022738d85ba68bcd1c995", "sha256": "99d9c22b2fa5ff84e6f994b15b4f127250451648a1d281e312133f567e135a81", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pastetext.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/paste/js/pastetext.js", "md5": "69ba0c60f23785b0c60e56b1919e53fa", "sha1": "da984bb125ee83e489e89bbf718b7cdca54127d0", "sha256": "02fd811eca8087998b05e4e3136e024f8f93a883f06560b1f05f8890943b3e7c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "emailRecipients.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOR_Scheduled_Reports/emailRecipients.js", "md5": "30056240ca6885b19bac0dffe6a15b06", "sha1": "7e95802a40b7035f5af4aabdb5d4affe81665641", "sha256": "d2ba787a265030b7011d60532b0bc12d649d4825563d1ad49e3651c86ec033a2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_it.js", "md5": "a188506976b870856e8384d59d259187", "sha1": "4cae6824a276376dda3bf73ea3695bcadc12392d", "sha256": "27966d9a5283ca7553ecf28c040b00a4804ab05b72b2256dc811347b44553529", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/bbcode/plugin.js", "md5": "e816457772dadf43b18f2a3677b70568", "sha1": "72eeeffba55d9bb59fb286613d23a3f1ce197083", "sha256": "ed63c3705a48664142991c1b8990fa3a11a83be68a63bedc023d355b6041e141", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "history-deprecated.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/history-deprecated/history-deprecated.js", "md5": "20f8506b329ae67a7696c85d3043936b", "sha1": "ae6dfe74dbf9fa96d2136f7cfc7ea784feb49afd", "sha256": "337f2416bf5cf1bdbfecb2a6774d73ce42897bf521c79a418bbd8f70141e2352", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.odo.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.odo.js", "md5": "f827584d4423021ce536ee19e53d589c", "sha1": "b84dc05e3c347b4278086fc8d0ed4dcbecc51212", "sha256": "3ebc5df7ce347b030b7f16798a0d61d7044229de94a83901f5858729256dbc34", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/save/editor_plugin_src.js", "md5": "54c757ce6c730afc71d6ac0ecd76e6dd", "sha1": "ca6001bb2fecda9baf7259a86ada483b6e0c8121", "sha256": "0ce17848cc6929706e85768cc0b379945e9983fbb687510640eaf34cffd3ffa6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "line_items.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOS_Products_Quotes/line_items.js", "md5": "f5a912caef733dc463431667b2de7581", "sha1": "c574b3fc86fb83b7b89e03077c80b0995879654f", "sha256": "f4ce107214e50ab6dd7f6c54daaadf08eefc74135066f1710f4fb36744588f75", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "connection_core-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/connection/connection_core-min.js", "md5": "1cdaa3d0261967f8da27944de798b182", "sha1": "98616ce0a5f9df26ef96f51e7e799d6737a16efe", "sha256": "865152a2d2f6603b000bbc58b1fe7e362165961291d41bcbe520887454885387", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_fr-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr-CA.js", "md5": "21a7574558cec2f782187107d2677a11", "sha1": "e44c4b0fdde91083a3bb00fe29d2f5eb414fdabd", "sha256": "d8e3388fef3a5a0a98309917585e7265de0c7de6017f25ca8163ec2de92aae9c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "single-element.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/single-element.js", "md5": "58effb0b324a41c4c27b340eda9bb4f8", "sha1": "37d9e442ceefb01a4aeb7bbd72a004fca102ac1e", "sha256": "b3ec4c3e728f77f4e5ac9a9c142ec8a93a03366e80ee17599bd3ef16616baa8b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "progressbar-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/progressbar/progressbar-min.js", "md5": "3eaabc5388211b03d2cb680c171f7d0a", "sha1": "18ef0aea7ab3c76314e32012f6863d9da2da610f", "sha256": "e17505a2864dcad35b5cbf471a092dfec4c0c703c0bed4c0808830ad59e0fbf3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "resize-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/resize/resize-min.js", "md5": "6e75b01192d052b2c613aa4100caef0c", "sha1": "b11b4d215d8c1f76035f1ac894e6f82178d52366", "sha256": "d06d2b85e0da7d50ed483ba4f1cbd6408b4aae98a3fa2d75b3ec5a8f46e0631e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/template/plugin.js", "md5": "e47ac6c81eba842702bbcea9ca6a8be0", "sha1": "a2f39950fe6be551d984f5e2ce3975581d794ba8", "sha256": "e7de143b75ed3553c228d5b15ba86be1bbf473247edaa9f7ea6db24ce6a81f11", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_fr-FR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_fr-FR.js", "md5": "466ea3635df1a5a5d10f2860bd71e2a9", "sha1": "51949b5bbf418a135961a107b11b6a8d433d99af", "sha256": "4693f2fe6c72c5183e7fe9a9a386dcd3abb029a79be1cceedd89ccd72995e8fa", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "attributes.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/xhtmlxtras/js/attributes.js", "md5": "fe87f2428a30ad779c364042335c9284", "sha1": "3ba844db5f994695c9c6c71f71c712f8a3224436", "sha256": "15e177d213dd728bf922af8ba87b6a5241948ec80adb3c712420c2313b87a437", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/editor-base.js", "md5": "cc4fef2f75b4bad38388347f16a3602b", "sha1": "6d0d0cb52cdf46e6f1c801d3fc2533762a02a85d", "sha256": "cbd5cc92f0ab1060b23aa4c36623290c7b330eb0a5fbdc298b17c4ecc0fea1cb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_nl-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_nl-BE.js", "md5": "cdfb4835bd77536d0e0e507f8b1d8336", "sha1": "bbc7fe99c09d680f972b8b849149c6c762144d82", "sha256": "94a31d5b94804203ecc962077b77569112c6980ba1f71106547c33c88c575b13", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/example/langs/en.js", "md5": "e3c958c51f74663e53d1fb5fe90c979f", "sha1": "95c93b4a790c60f62d0ce6aafd4f46f6af67f362", "sha256": "a145086c197028a5b91be719eddf90bb32eb64169b95fbfab5e122a5a3948ecf", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_nl-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_nl-BE.js", "md5": "a83dfd36bbb918b984eebd218ac2e317", "sha1": "7d0d39cd2a6b209d134227333cba86368af2e450", "sha256": "071e5399669d3ba88a0510b8439d0e13b7579f969cefc4d93c110b955108f2f2", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "selector-css2.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/selector-css2.js", "md5": "fdcc60edaafb138e1f89d213ea5cc944", "sha1": "3b7251450f4c4abb0f9a19ccae9d7a59573403e5", "sha256": "fc4ca3595451796bbef62ecd560e01330015ea3898d4abff0bc6dfc27b7d0667", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-JO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-JO.js", "md5": "50d69b8d43612d7c49c8169235335bf4", "sha1": "d25720d75d8087f5c862b560cc5a654da5642e4a", "sha256": "3c7d800085259f7203b270a69fdb0772f7f94ed2675aa2e0ca71bd12058a12d8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datasource-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/datasource/datasource-min.js", "md5": "15ed786423ad99e59746cf7368a55b45", "sha1": "4a45077e8fafabbe559dcb96f12167e180bc9c91", "sha256": "0e5568a05ec8cdef32d935dea1a4c7a1930a99887eb10d70cc2810d42b40472d", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_zh-Hant.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_zh-Hant.js", "md5": "f3791630248466db8b5fffc11e86ba16", "sha1": "58fee96ad78957a71b5d4875ab597a11dbb80517", "sha256": "5bb4501e284e82ff08b552abf005d26cacb4da26b4b4f9a93a6b4ffc0feaca2f", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/example/editor_plugin_src.js", "md5": "bcf32ae2b22b5d1958679763a0ab8b64", "sha1": "a6e68280a6fe4389c795c9a97263870072f1e3f7", "sha256": "8c128de32221d41b2371f425822574d6277c138e0fa8a8113536b814e9b2de1b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/nonbreaking/plugin.min.js", "md5": "57e70fea5eafa39e96baef5e3a161345", "sha1": "59884f75d3e2bc6c1f7ed7867004a998a92bfe7f", "sha256": "657a112a9941c4ea4e7c574b011797ac332dd8880b1f9a3a33b679e971448adb", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "syntax.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/assets/syntax.js", "md5": "f82cb6365450a5a1dfc14bdcbeccf86a", "sha1": "b839bf8b5c1bfc3b8a59a0273e0db9a740318bdb", "sha256": "51e7d96563cb2766e177a4c07bcbcf27fdcf7219caa034eff8df6c5636c8ddbc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_fr-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_fr-BE.js", "md5": "cc693072bbcba056f4ed0d61ac440871", "sha1": "e74c718839b5236ee007b216bf5776ca7a4b229a", "sha256": "e4bc6391dacbb0d842c3f74a2055efd982dc654e287c1dfaaa41f911928f4c17", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "array-extras.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/array-extras.js", "md5": "9f4b94a30f13e1e66ae5946e3130a010", "sha1": "9175ea86ec324aa56995e17095f543cb247e4a8e", "sha256": "9fa4171ebbccfb398fffac6778bb00023ed1cbd08469c7b2cb13b92302bc681b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dom-style-ie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dom/dom-style-ie.js", "md5": "171a5b66b0c34434cbcd6879e2c2ffca", "sha1": "65c7b67445d42351e0e3fa261a001cb16538adca", "sha256": "e3b71b1bd40f168651e67ae3fe4dc8c600875903f06ab3afc80f7981004a40d4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "financial-data.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/financial-data.js", "md5": "466abe46fded9e9b64ee78ad6684120a", "sha1": "338d93c0163f38911f1e4af9182d206b8b73dcc7", "sha256": "b6f3d773c776fa15bb2e6652dd112b9b9b4a95b0612cd3d658eb578fdf554b90", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "event-move.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event-gestures/event-move.js", "md5": "3edce75757ec08bda4714b72b6b6b9ea", "sha1": "26ebe091897dd5183dbb18d87efe7096c87a263d", "sha256": "157a365dad7f70725e442a7344c41e6e86e342d02208bbe6c5d0b27bdfdf6a0e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "studio2.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/ModuleBuilder/javascript/studio2.js", "md5": "a166be6664505f842e098ee91773294a", "sha1": "6cfee2023ab73cc03c02518fe0f3719f584669c9", "sha256": "599627d184a33572bfb14e1bc3e8aca0e4743e4694fd8b39fde12d83def5893f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "container_core.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/container/container_core.js", "md5": "479831c020ed14fdbd7b4fa4909dae63", "sha1": "e4ef54871cf321d880baa513cfece25bcea3fe43", "sha256": "c17dda42a30732605ca7478809bde44f1c08721caef074a279d411d9fe92daf3", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_en-CA.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_en-CA.js", "md5": "a4110769bdaf9c65fd4cc31a0546c417", "sha1": "2574922c4dc8b8d42d1c84a6cd06489e1d7fe9e1", "sha256": "ff2e6b0a1dbdbae081c4bb1b5ccc24b06ec94a181e310b05d0fb7a6fa807b7e2", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "io-upload-iframe.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-upload-iframe.js", "md5": "ffe476fd588d34aa32b0d9b281569c05", "sha1": "026c73fd494f1f2d2e9eaea2807f5b71e7b8763b", "sha256": "0af255f02d7c07d01f5d48bc4faf1bbf74954d3a45ce9891d1e011d9d3b32b29", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "io-xdr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-xdr.js", "md5": "11474eed744f3aad9b98cbba0473ff2b", "sha1": "17616c71d070d99111831805c4a3820efb9ba414", "sha256": "6abe3e65489a0ccd0123937a1ed3d02ed3f551bdb3a59d5633c0f1593a265f93", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/iespell/editor_plugin.js", "md5": "22526393cacb6447a0e3bfff2fb47773", "sha1": "1b86197b3e21cb0f341b4038bd4a281813cd4339", "sha256": "9f82bde8cbf2ac77a502f5cb352d6548d9bfa060b684eee53fd29a1d161d01b7", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "tr.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/tr.js", "md5": "1263e4e5fb1242031e6c0ec36b39b18c", "sha1": "cefb003b65555523b8908f7a777a1890992b282c", "sha256": "b28f08e6f5d22e0efc039ca8ce2d955150d54a4c3cd15ccd010443a6cdc1a01b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_nb.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_nb.js", "md5": "e07b8917acfa36924397135e2c976929", "sha1": "d3dbfc101eb61f2863eac9a3313fa9eafbdbc4c0", "sha256": "609664f6cadd0eea07009017bec8bffe6dbb628c4c9216374530ac65b8233e70", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_nl-NL.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_nl-NL.js", "md5": "5c82a374eecae00fb46a7d9d9cc6f945", "sha1": "735dce0cc2a7304135d2e92a37741fe37d70c713", "sha256": "ccb1d59464ab68f48a41d896e8510e3dc0d3e01facfec18002b9c52884994d77", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-sort.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatable/datatable-sort.js", "md5": "67e113300f03aca3f08be5247f9fa716", "sha1": "deccbfec7ef2b965c266cf24e73ba828dd4896e7", "sha256": "16517f45ead1fda431daa5da607dca58c3308be68f18a895dc3c68593f812a42", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "json-parse.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/json/json-parse.js", "md5": "378323ad6edb99009fa934a4e3985812", "sha1": "3ab5b34a878cf01deb4e31b9f4ead78cbfda4af8", "sha256": "742502cc042757b6d3b309edfe5506a227f7ef4c9e3853642a0aec60d7d41919", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "autocomplete-list.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/autocomplete/lang/autocomplete-list.js", "md5": "ed5030d8ac9bdcf54b7b98f432766487", "sha1": "f653f6a8c675fd0ef40978c062df93d11e729c27", "sha256": "23dbd371dcf7202f641415fe693fb54cc7ee35558fb8e76e9462651a566d8b1b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "en_us.lang.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/DataTables/media/language/en_us.lang.js", "md5": "9e19e7e9a539a1d5be8497664ee526e2", "sha1": "1a677b1c41226f6b156819fc1bfbadeb7dceb484", "sha256": "401d5258cbd89c1b28d1fc8d8a5180f0cfdeb44a82728a366322bcfc34c8b8ac", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "html5shiv.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/html5shiv.min.js", "md5": "f4d9dea8e0ae8455500862bbb874d63c", "sha1": "377301809c44223882042091c449529b2cafbbc3", "sha256": "b2a42570e67080a9014519f95af4a14acba8a4e76af5cdd4f92b6a80f8858474", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-date-format.js", "md5": "6a24c2df18e00088c2c23035525cf01c", "sha1": "2c316d9dd4b6e62bc694c2b3440e3cf2077b6361", "sha256": "ad79384071e7876c42ecddc038d6fff02df0d8e40846f0594d1f549df7d1f43b", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "login.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Users/login.js", "md5": "aecda71684245b3eb2a991e96cb9090e", "sha1": "84f2cbe4fc31baff43fe0643394ae0ced76275ac", "sha256": "94b8c83bf5f98ab1e50a152eaca9a31196787335ae4a893050c22d6464135a7f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/colorpicker/plugin.min.js", "md5": "1581bb02286f54b4fb0cce52d2ef61c7", "sha1": "e686620051b5d7f533ab6f813063ac604d9d262e", "sha256": "02eb6d55dc132f735d9ab8ef11259b2e25f0dd2ce157dce681d74b7307fb0ac4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "zh-tw.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/zh-tw.js", "md5": "611c831b76289557de121b3cbaa8ec75", "sha1": "d5685c14965f8dfb8b9ddb9b34b6b59650726d9c", "sha256": "30e51bfaba20c51c3fcc601b0a42a06c1d08ca1bd11af3fda1c275e85c0d727e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "recordset-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-base.js", "md5": "a8374e201044484652a25fd9f0e96d97", "sha1": "77606f9858ff6be02a1e1f0c2e69e7baf9afc62a", "sha256": "a380ada9a06353be476151832528e7a530261ae22af9fae0df1d8267409f1ba4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "imageloader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/imageloader/imageloader.js", "md5": "bb1e0120d7b3d0da7be38e191b38f047", "sha1": "544a700f5f57c44acfc0c503f67974c88540a8f4", "sha256": "11ed2c701a48a52697eb4876e090f591cb727a2038b3e0204ef6af77df86cd14", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/noneditable/plugin.js", "md5": "67a5407145b25e4978a87e2a401a4f7e", "sha1": "d6df47175881ef8d843b7d2ba2df2b399eed0099", "sha256": "de9e83a5eae01e1e83441d8c71f3aa79e9fd6febcb308a52819c5f8830189469", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hans.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hans.js", "md5": "4a6720a372515d654cf25424d59026d2", "sha1": "846ff88e08a93a9568ae71f9912ca6fc8aff5c00", "sha256": "711ebecef6ee21e665c06f96af21b6686077bcb1f5853362480b7a4285b7a427", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_fr-BE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_fr-BE.js", "md5": "253bdc1ff4ad9bb64a7a34ec3989d31a", "sha1": "b5a2b333dad52d05d5cc39aeb3e83ecd9a8576a2", "sha256": "1374b1c5e503bffd3d17cb657b5b369c3f8e35b11fad657e09f1510341d06fca", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "get-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/get/get-min.js", "md5": "e88f7625b7a7ac3abec7f8f0bb567f70", "sha1": "02f8e54859e4a21465e3223e4d4e338d78db911d", "sha256": "651dab816a3e5968e4f57cffbc1e50099f8f6be8099ca994b7eea3ca85d6386a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/visualblocks/editor_plugin.js", "md5": "592e70a44aeb7c974eb9c5ff05c107a7", "sha1": "8589a11ee1a31786fa8dccf100d19ec94efbf480", "sha256": "c8a4fb60b46ba6122522f1b3c4ab752ab43933f2325bafda73c619d82a888e84", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_ru.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_ru.js", "md5": "57466cdaa6d59283e259ed5dbd5f099b", "sha1": "25cfaed496d4bf1918ce21a9009d80bafbbe5af8", "sha256": "741ea0fb587ff01c4b2827f5c9af9e0e6cd25291c347c41598a3bdd6420cc59e", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/importcss/plugin.min.js", "md5": "208c6266016cebbd562bce71de3516a9", "sha1": "ff1ffaa5a25940a664a3a94322f7c488fd3bcb02", "sha256": "22c4fd0c9786a3282b55d59b6cfb890759d0067d86891f9b4b3a0a4b0cae4778", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "wizard.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Campaigns/wizard.js", "md5": "a4f7ae104e285c343542a99ce42b7770", "sha1": "1303f846b1172968bd41c837241e4c82d8ea9907", "sha256": "75ecd4cbdf7cfa9cf7a4a329175dc2dce34b906372c3623dfb380af56966fb2c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "studio.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Studio/studio.js", "md5": "d724a9b77a8ef550efb4f45e850b9154", "sha1": "4c442058b9f818db5e59ff8f00e5d77d6dd0d06d", "sha256": "f316238c03e443e054bef83cedae6f0299c37fa3a8a443e36ff626bf74576856", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_pl.js", "md5": "9f95aea8f69760e112c079fc0ec7df82", "sha1": "a2b5e6c4a663b9a3dda1a093106a466f9528b501", "sha256": "badaf54e09513fed7518950c9c2a339dd26f3e27174cd2e54123056320cb488e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "fa.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/fa.js", "md5": "94ad823d1a83b74fe2b55628b6181e9d", "sha1": "ae8dd27213a4c6e39d0a210ad4ed5067aed83a53", "sha256": "230caa2649c820a9e12ba19835eda606dc8784716b20d12b2d604f04c80230cc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "he.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lang/he.js", "md5": "e56c59d8b6e1e2b038dcf5b7469c8272", "sha1": "15c39bbc58ae2d70be330c0c202a2ba135f6c9db", "sha256": "60fa358725f624deb67c5acb03e839541bdbe1f2839b34620a0ed6cb576a279c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "markerclusterer_packed.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/markerclusterer_packed.js", "md5": "56c9437aed370f6bdbb8252ba8faf0a3", "sha1": "06a574dd43fd74cf4770b888f68924683a0e9284", "sha256": "f43fc46505aa92ea8738d645e8ec1969522342daa822d069f03adfaf33f319e5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "node-flick.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node-flick/node-flick.js", "md5": "c6348f1b394685679056906ce9914412", "sha1": "762f7f4600bbe609398ffef749eed739e7e0cc9b", "sha256": "d3cd366e2f898e0eaca9e505a1e2c128365a2a25ea5765306b81d8d83b662f6c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "slider-value-range.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/slider/slider-value-range.js", "md5": "0f1fc2337592f510ef0f632f49388c0c", "sha1": "f02c2e516d68401df113d4cef6bfd75ac9611fc8", "sha256": "57db012b6d26970d855d825d07f49623de42f49436f7e49e6b43b0ce646cc628", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "querystring-stringify.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/querystring/querystring-stringify.js", "md5": "1f8d2a5c3eb8232c3de1979c8bf1e2c5", "sha1": "7c21a35b510b9e737a66412710687e4aef52112b", "sha256": "4c1a0d38e7989ddacdc98a7dec989b34b5ef848b5696a54071db09325b8ae2dc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "event.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/event/event.js", "md5": "a7a3fd8d55b9ed5439362c14cf579803", "sha1": "a27b091bbf202baedf73e0ba31e7ff81a56bc9e2", "sha256": "041eb5025c4167fd091b344c54d7257dad130eb4f20efd3b82ec203a8dcb4dfb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_pt-BR.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_pt-BR.js", "md5": "aab611961de099af8859c95550ad7e36", "sha1": "d9ae94cc05af442b75309f6b4d2fb595953cecbf", "sha256": "76de2b0b28320867591b60d795961eb89e1c0cb6e5260de02544d1b2b0fa78b8", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-US.js", "md5": "142ff2a1d783a79c9dc4d55c2d882f3d", "sha1": "17816fad63b1f17e58aec6f39918d0be8b7ef53d", "sha256": "009f890e1b1d2d1366b289f293da9be8ab7cb81d0108d88c5b00ef26c281fe50", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "searchreplace.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/searchreplace/js/searchreplace.js", "md5": "03127b1e792fa9dadaa68251d9ba9f26", "sha1": "04a1200dd5540f8eb26c8d6931eef71f5e34db3c", "sha256": "d3cbb7c4a077c0da29f295b37dba950ed643e7f7339e12b17e01cfe891af9a3e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/autolink/plugin.min.js", "md5": "5806c19b409fc3f6a8eb4bb7c7872666", "sha1": "19380ccd0e8fb9bb45cca6806f98db941ff63f57", "sha256": "4200c43f47640a7a70bbd0132b350c25e0feccb331a0ee7a6554bb41dc1c25d3", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatable-sort_en.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatable/lang/datatable-sort_en.js", "md5": "d8a8346048d1e13aa82d75a9b4eb7f3e", "sha1": "c8c378c63fd37171426375abe9cacfb1dd7c1045", "sha256": "f40358efd4035eb6f9cc44b84cf5bfb0a7f0a312e6f9927a2b976f704c723a7d", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Administration.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/modules/Administration/javascript/Administration.js", "md5": "d6ceb885790e2541eecfec634e6ab255", "sha1": "b2f9773a26b624005cdc75fe622c9296ed546a2e", "sha256": "38eeb395a724a342f4500349da3a3d715b700c0fa69aec12ed04f36987e6798e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "Merge.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/MergeRecords/Merge.js", "md5": "e1e95bc4c9e977a0f15aa7afeefab4f4", "sha1": "9fba387014fee86f0659d578b362a4d01096b12f", "sha256": "710ec6e9ca60a9d501aeb070013b787c66b693728785f04144c982ec9de77b96", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ru-RU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_ru-RU.js", "md5": "5d12cabfe361c602fa0a8e90e457e348", "sha1": "62cd9472c80d7cb782bb1594d34025a5162eba26", "sha256": "4a68a2640d4ca1acf4e0629c2f1f4016ce3ba7fe27939450068160a24bc6e9db", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } } ] }